ASA 5505 NAT configuration

By Bowman ·
I am setting up a new ASA 5505 for static ip. I am trying to setup RDP to specific internal IP addresses runing NAT. I have tried 2 different configurations and I still cannot RDP into Here is the cfg.

name NT1 description Email Server
name NT2 description Web Server
name Bob-Bloom
name Jason-Pate
name Mike-Merk
interface Vlan1
nameif inside
security-level 100
ip address
interface Vlan2
nameif outside
security-level 0
ip address XX.230.227.162
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
no ip address
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
switchport access vlan 3
interface Ethernet0/7
switchport access vlan 3
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service DM_INLINE_TCP_1 tcp
port-object eq 3389
port-object eq www
port-object eq https
port-object eq smtp
object-group service DM_INLINE_TCP_2 tcp
port-object eq 3389
port-object eq ftp
port-object eq www
access-list outside_access_in extended permit tcp any host NT1 object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp any host NT2 object-group DM_INLINE_TCP_2
access-list outside_access_in extended permit tcp any host Mike-Merk eq 3389
access-list outside_access_in extended permit tcp any host Jason-Pate eq 3389
access-list outside_access_in extended permit tcp any host Bob-Bloom eq 3389
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
static (inside,outside) XX.230.227.163 NT1 netmask
static (inside,outside) XX.230.227.164 NT2 netmask
static (inside,outside) XX.230.227.165 netmask
static (inside,outside) XX.230.227.166 netmask
static (inside,outside) XX.230.227.167 netmask
static (inside,outside) XX.230.227.168 netmask
static (inside,outside) XX.230.227.169 netmask
static (inside,outside) XX.230.227.170 netmask
static (inside,outside) XX.230.227.172 Bob-Bloom netmask
static (inside,outside) XX.230.227.173 netmask
static (inside,outside) XX.230.227.174 Jason-Pate netmask
static (inside,outside) XX.230.227.175 netmask
static (inside,outside) XX.230.227.176 netmask
static (inside,outside) XX.230.227.190 netmask
static (outside,inside) Mike-Merk XX.230.227.171 netmask
access-group outside_access_in in interface outside
route outside XX.230.227.161 1

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

bad static for mike-merk

by SYNner In reply to ASA 5505 NAT configuratio ...

bad static definition for mike-merk (

Collapse -

RE: Bad Static

by NetMan1958 In reply to bad static for mike-merk

To expand on what SYNer said,
static (outside,inside) Mike-Merk XX.230.227.171 netmask is backwards, it should be
static (inside,outside) XX.230.227.171 Mike-Merk netmask
Like the one above it:
static (inside,outside) XX.230.227.190 netmask

Related Discussions

Related Forums