Cisco 5512-x TCP request discarded

We have a fairly basic ACL and NAT rule that allows RDP inbound and NATs it to a LAN IP (all IPs have been replaced with IP):

object network STATIC-PAT-RDP
 host IP
access-list outside_access_in extended permit object TerminalServices any object IP log debugging
access-list OUTSIDE-IN remark Allow RDP
access-list OUTSIDE-IN extended permit tcp any object STATIC-PAT-RDP eq 3389

object network STATIC-PAT-RDP
 nat (inside,outside) static interface service tcp 3389 3389
access-group OUTSIDE-IN in interface outside

However, when it reaches the WAN interface, the connection is dropped:

7   May 05 2015 11:37:56        IP  4335    IP  3389    TCP request discarded from IP to outside:IP

I have personally never seen this before - the device is listening on 3389 according to netstat -ano, and I can RDP to it internally.
