
Configure custom RDP protocol for Cisco ASA 5510

Status: Not open for further replies.

JDMils

Programmer
Mar 26, 2003
15
AU
I'm configuring a Cisco ASA5510 to allow RDP into the private network, from the internet (port 3389) so that home users can use WinXP RDP to log into the Win2003 Terminal Server.

I don't think the ASA has a definition for RDP protocol so I wanted to make one. I want to create a protocol defined as port 3389, call it "RDP" and then configure a policy to allow incoming RDP traffic to the Terminal Server.

Can this be done in the Cisco ASDM software?

|
+-- Julian
|
 
Just add a static for that port to your Term Serv. I don't think you can add a name for the port.

static (inside,outside) tcp [ExternalIP] 3389 [InternalIP] 3389 netmask [MASK]


Unless your server is locked down and users have pretty strong passwords, having the default port 3389 visible outside is tempting. I can't tell you how many of my firewalls get people trying to log in who don't belong (script kiddies mostly). If you can, use a non-standard port for the external port. Just connect with IP:PORT to use a non-standard RDP port.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Thanks Brent. Yeah, I have all my internal users VPN in first, then run Terminal Server using the internal IP of the TS server. But for the small number of suppliers we have who need TS access to our system, I had set up an RDP access policy for only their specific IPs. Thus, if you don't have a VPN connection and your IP is not the one defined on the firewall, then there is NO TS access.

Wrt naming the RDP protocol, on my old DLINK DFL-1000 firewall, you could create custom names for protocols, networks, servers/workstations, etc. I find it amazing that the 5510 has this ability also, but lacks the facility to do it for protocols.

Note that I'm using the ASDM software (Java console running in a browser) not the Command Line Interface. Thanks

|
+-- Julian
|
 
I think I found the answer... Service Groups. Edit a Security Policy and you will find a button called "Manage Service Groups". I defined a SG called "RDP" with port 3389 to 3389.

|
+-- Julian
|
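For readers working from the CLI rather than ASDM, here is how the pieces discussed in this thread fit together (Brent's static, the per-supplier source IP restriction, and the "RDP" service group). This is an added example, not configuration posted by anyone in the thread; it assumes pre-8.3 ASA syntax, where an inbound access-list references the translated outside address and port, and all addresses are constructed placeholders.

```cisco
! Added example, not from the thread. Pre-8.3 ASA CLI syntax assumed.
! Constructed addresses: outside IP 198.51.100.2, Terminal Server 10.0.0.10,
! supplier hosts 203.0.113.25 and 203.0.113.26.

! CLI equivalent of the ASDM "Manage Service Groups" object named RDP
object-group service RDP tcp
 port-object eq 3389

! The suppliers who are allowed to reach Terminal Server without a VPN
object-group network RDP_SUPPLIERS
 network-object host 203.0.113.25
 network-object host 203.0.113.26

! Forward TCP/3389 on the outside address to the Terminal Server (Brent's static).
! To follow Brent's non-standard-port advice, change the first 3389 to e.g. 43389
! and replace "object-group RDP" in the permit line with "eq 43389"; suppliers
! then connect to 198.51.100.2:43389.
static (inside,outside) tcp 198.51.100.2 3389 10.0.0.10 3389 netmask 255.255.255.255

! Only the listed supplier addresses may reach the forwarded port.
! Everything else hitting the outside interface is denied and logged, so the
! login attempts Brent describes show up in the syslog rather than silently dropping.
access-list outside_access_in extended permit tcp object-group RDP_SUPPLIERS host 198.51.100.2 object-group RDP log
access-list outside_access_in extended deny ip any any log
access-group outside_access_in in interface outside
```

Verify the result with `show xlate` (the static should appear) and `show access-list outside_access_in`, whose hit counters confirm whether the supplier entries, and not the deny line, are matching their connections.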
 
