ASA5506 port forward problem

I have an 5506w asa ver 9 and asdm 7. The problem i am having is i just changed out from a linksys router to this ASA. So it goes ISP modem > ASA (used to be linksys) > switch > computers. I have port forwarded the same 10 TCP ports, but only 2 of them are not working 3389 and another.

Previously i had tested this box at my office and had 3389 on a different IP and when I actually set it up at the final location I changed the IP and it no longers works. I went so far as to remove the network object, Nat rule, and the access rule for it. I recreated it and still not working. I know previously right before i changed the box out i was able to rdp into the server. I went and even double checked to make sure noone had changed the listening port on the server and the windows firewall had the port allowed. Checked remote settings and it is still on. What could i be missing at this point? I mean it was working hours before the change and the only thing that changed was this ASA box. GRC says it is closed and not stealth so something is slightly open?
LVL 1
easyworksAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
While you open the tcp port forwarding you may need to open acccess-list for the specific ip address too on the ASA.

can you post your asa config
0
Benjamin Van DitmarsCommented:
What ip did you use.

Normaly change youre nat policy and access rule.
Did you change both of them ?
0
easyworksAuthor Commented:
NetExpert Network Solutions Pte Ltd
Sorry, im really new to ASA so i am not sure exactly what you are asking for.

Benjamin Van Ditmars
I guess just to walk you through what I did...
Firewall > Objects > network objects/groups > add > network object > name: 3389, type: Host, IP Address: (LanIP of my server), expanded NAT and checked "add automatic address translation rules, type: static, translate addr: outside > advanced > source interface: inside, destination interface: Outside, protocol: tcp, real port: 3389, mapped port: 3389 > ok > ok > apply > save > Access Rules > Add > interface: outside, source: any, desintation: 3389 (object i had just created), service: ip > ok > apply > save.
0
Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

easyworksAuthor Commented:
Just in case took screenshots of the Object/Nat and Access Rule
access-rule.jpg
nat-rule.jpg
network-object.jpg
0
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
The above screenshot confirm that the config of port forwarding is right.

Still, do u see any issues.?
0
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
If you have time, i can take a look of your ASA config and logs thru team viewer(remote management application)
0
easyworksAuthor Commented:
Sure, but I only have access to the asdm though right now.
0
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
Yes.. ASDM access is enough to see the logs..

Let me know your team viewer id and password
0
easyworksAuthor Commented:
Do you use skype or could i get your email?
0
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
you can send to my id  projects@netexpert.com.sg
0
easyworksAuthor Commented:
Okay, i just sent the teamviewer info to your email.
0
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
Based on my troubleshooting session with you thru teamviewer, I am sure that there is no issue on the ACL/NAT.

While We tried to access the RDP server from outside , the connection request is not hitting to ASA at all.

Belive, some other box, which is above ASA is blocking the port. you can check with config on that box.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.