ASA5506 port forward problem

I have an 5506w asa ver 9 and asdm 7. The problem i am having is i just changed out from a linksys router to this ASA. So it goes ISP modem > ASA (used to be linksys) > switch > computers. I have port forwarded the same 10 TCP ports, but only 2 of them are not working 3389 and another.

Previously i had tested this box at my office and had 3389 on a different IP and when I actually set it up at the final location I changed the IP and it no longers works. I went so far as to remove the network object, Nat rule, and the access rule for it. I recreated it and still not working. I know previously right before i changed the box out i was able to rdp into the server. I went and even double checked to make sure noone had changed the listening port on the server and the windows firewall had the port allowed. Checked remote settings and it is still on. What could i be missing at this point? I mean it was working hours before the change and the only thing that changed was this ASA box. GRC says it is closed and not stealth so something is slightly open?
LVL 1
easyworksAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
While you open the tcp port forwarding you may need to open acccess-list for the specific ip address too on the ASA.

can you post your asa config
Benjamin Van DitmarsSr Network EngineerCommented:
What ip did you use.

Normaly change youre nat policy and access rule.
Did you change both of them ?
easyworksAuthor Commented:
NetExpert Network Solutions Pte Ltd
Sorry, im really new to ASA so i am not sure exactly what you are asking for.

Benjamin Van Ditmars
I guess just to walk you through what I did...
Firewall > Objects > network objects/groups > add > network object > name: 3389, type: Host, IP Address: (LanIP of my server), expanded NAT and checked "add automatic address translation rules, type: static, translate addr: outside > advanced > source interface: inside, destination interface: Outside, protocol: tcp, real port: 3389, mapped port: 3389 > ok > ok > apply > save > Access Rules > Add > interface: outside, source: any, desintation: 3389 (object i had just created), service: ip > ok > apply > save.
Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

easyworksAuthor Commented:
Just in case took screenshots of the Object/Nat and Access Rule
access-rule.jpg
nat-rule.jpg
network-object.jpg
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
The above screenshot confirm that the config of port forwarding is right.

Still, do u see any issues.?
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
If you have time, i can take a look of your ASA config and logs thru team viewer(remote management application)
easyworksAuthor Commented:
Sure, but I only have access to the asdm though right now.
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
Yes.. ASDM access is enough to see the logs..

Let me know your team viewer id and password
easyworksAuthor Commented:
Do you use skype or could i get your email?
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
you can send to my id  projects@netexpert.com.sg
easyworksAuthor Commented:
Okay, i just sent the teamviewer info to your email.
NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
Based on my troubleshooting session with you thru teamviewer, I am sure that there is no issue on the ACL/NAT.

While We tried to access the RDP server from outside , the connection request is not hitting to ASA at all.

Belive, some other box, which is above ASA is blocking the port. you can check with config on that box.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.