I am having some trouble getting port passthrough for a single external IP. ASA 5505 CLI Version 8.2(5).

I've tried a few different configs, but I can't seem to get it to work. I am trying to configure RDP access for one specific public IP only.

Using 50.1.1.1 as an external IP that is trying to gain RDP access. 105.1.1.1 as the office network public IP and 192.0.0.1 as the private RDP IP.

Config 1.

access-group INBOUND in interface outside

access-list INBOUND extended permit tcp host 50.1.1.1 eq 3389 host 105.1.1.1 eq 3389

static (inside,outside) tcp interface 3389 192.0.0.1 3389 netmask 255.255.255.255

Config 2

access-group INBOUND in interface outside

object-group network RDP

 network-object 50.1.1.1 255.255.255.255

access-list inbound extended permit tcp object-group RDP eq 3389 host 105.1.1.1 eq 3389

static (inside,outside) tcp interface 3389 192.0.0.1 3389 netmask 255.255.255.255

Thanks for any assistance on this.

JB-TX
  • There really is a ton of information on the internet about this. I have to wonder how hard you looked before asking. Duplicate of: https://serverfault.com/questions/744655/cisco-asa-allowing-external-access-to-a-secure-server-via-rdp and https://serverfault.com/questions/146108/port-forwarding-using-asdm-6-0 and https://serverfault.com/questions/325015/cisco-asa-configure-external-access-to-a-server and so on, and so forth. – Appleoddity Nov 17 '17 at 06:01

1 Answer

For a quick off-the-cuff response: you are indicating a source port for RDP. The RDP protocol doesn't use a source port of TCP/3389 every time; it randomizes the outgoing source port.

There could be a longer answer depending on your full configuration.

garretts
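The source-port point from the answer above, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation with an implicit deny, covering only the `host`, `any`, address-plus-mask and `eq` forms used in the question. The ACE without a source port and the sample packets (ephemeral port 51515, host 203.0.113.9) are constructed assumptions, not configuration posted by anyone here.

```python
import ipaddress

def _addr(tok, i):
    """Parse 'host A', 'any' or 'A MASK' starting at tok[i]; return (network, next_i)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}"), i + 2

def _port(tok, i):
    """Parse an optional 'eq N'; None means the ACE matches any port."""
    if i < len(tok) and tok[i] == "eq":
        return int(tok[i + 1]), i + 2
    return None, i

def parse_ace(line):
    """Parse 'access-list NAME extended permit|deny tcp SRC [eq P] DST [eq P]'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] != "extended" or tok[4] != "tcp":
        raise ValueError("unsupported ACE: " + line)
    src, i = _addr(tok, 5)
    sport, i = _port(tok, i)
    dst, i = _addr(tok, i)
    dport, i = _port(tok, i)
    return {"action": tok[3], "src": src, "sport": sport, "dst": dst, "dport": dport}

def evaluate(aces, src, sport, dst, dport):
    """First matching ACE wins; no match falls through to the implicit deny."""
    for ace in map(parse_ace, aces):
        if (ipaddress.ip_address(src) in ace["src"]
                and ipaddress.ip_address(dst) in ace["dst"]
                and ace["sport"] in (None, sport)
                and ace["dport"] in (None, dport)):
            return ace["action"]
    return "deny"

# ACE from Config 1 in the question (source port pinned to 3389).
QUESTION_ACE = ["access-list INBOUND extended permit tcp host 50.1.1.1 eq 3389 host 105.1.1.1 eq 3389"]
# Assumed correction: the same ACE with the source-port match removed.
NO_SRC_PORT_ACE = ["access-list INBOUND extended permit tcp host 50.1.1.1 host 105.1.1.1 eq 3389"]
# Constructed packets: an RDP client connects from an ephemeral source port.
SYN = ("50.1.1.1", 51515, "105.1.1.1", 3389)
OTHER = ("203.0.113.9", 51515, "105.1.1.1", 3389)

if __name__ == "__main__":
    print("question ACE:", evaluate(QUESTION_ACE, *SYN))
    print("no source port:", evaluate(NO_SRC_PORT_ACE, *SYN))
    print("other source IP:", evaluate(NO_SRC_PORT_ACE, *OTHER))
```

The ACE from the question only permits a packet whose source port is exactly 3389, so a normal client connection falls through to the implicit deny, while the version without a source port still restricts access to 50.1.1.1.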