Problem with Local IP

cscisco_admin
Level 1

Can anybody help me solve this problem?

ISP Router Conf:

1. One Public IP

2. One Private IP 192.168.2.1

PIX 515E:

1. External Interface (Public IP with Default GW ISP Router)

2. Private IP 192.168.2.3

3. Mapped IP for Terminal Server ( From Public IP Range)

Terminal Server

1. Private IP 192.168.2.2 GW 192.168.2.3

Users from Private IP Range 192.168.2.11-192.168.2.20 are unable to connect to Terminal Server using Mapped IP in PIX.

Thanks!

When I checked the logging it says:

No route to 192.168.2.11 from Public IP on PIX.

192.168.2.11 is my client PC trying to ping the public IP of the PIX.

3 Replies

Would you please post the configuration of the ASA and, if possible, a diagram of the network connection?

```
PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password encrypted
passwd encrypted
hostname Pix
domain-name pix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 110 permit tcp any host public ip eq 3389
access-list acl_outbound deny tcp any any eq www
pager lines 24
logging console debugging
logging monitor debugging
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside Public IP Netmask
ip address inside 192.168.2.3 255.255.255.0
no ip address intf2
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.2.217 255.255.255.255 inside
pdm location 192.168.2.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
static (inside,outside) mapped public ip 192.168.2.2 netmask 255.255.255.255 0 0
access-group 110 in interface outside
access-group acl_outbound in interface inside
route outside 0.0.0.0 0.0.0.0 Public IP 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.2.217 255.255.255.255 inside
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.2.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
```

I don't have a diagram, but I have one Cisco router from my ISP with one public IP address and one private IP, 192.168.2.1. The private IP range 192.168.2.0 is being used for one of our branches that has a bridged connection directly connecting to the WAN switch. The Ethernet cable from the ISP's router is connected to the WAN switch, and another Ethernet cable is directly connected to the WAN switch having the IP range of 192.168.2.0. My Terminal Server's external interface is also connected to this WAN switch with an IP of 192.168.2.2 and default GW 192.168.2.3 (PIX internal interface).

Everybody from Internet can connect to my terminal server at mapped public ip but only people coming from 192.168.2.0 cannot connect.

Thanks!

Farrukh Haroon
VIP Alumni

You are not allowed to ping any interface of the PIX/ASA when coming through another interface.

Regards

Farrukh
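The symptom in the original question (inside clients failing to reach the Terminal Server through its mapped address) can be checked from the configuration alone. The following is an added example, not code from the thread: it reads PIX 6.3 `ip address` and `static` lines and reports statics that a client could only reach if the PIX sent the packet back out the interface it arrived on, which PIX 6.x does not do. The 203.0.113.x addresses are placeholders for the redacted public IPs, and `parse` and `hairpin_targets` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: the thread's config with its redacted public addresses
# replaced by documentation-range placeholders (203.0.113.0/24).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.2.3 255.255.255.0
static (inside,outside) 203.0.113.3 192.168.2.2 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
"""

IP_RE = re.compile(r"^ip address (\S+) (\S+) (\S+)$")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)")


def parse(config):
    """Return ({ifname: network}, [(real_if, mapped_net, real_net)])."""
    nets, statics = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := IP_RE.match(line):
            name, addr, mask = m.groups()
            nets[name] = ipaddress.ip_interface(f"{addr}/{mask}").network
        elif m := STATIC_RE.match(line):
            real_if, _mapped_if, mapped, real, mask = m.groups()
            statics.append((real_if,
                            ipaddress.ip_network(f"{mapped}/{mask}", strict=False),
                            ipaddress.ip_network(f"{real}/{mask}", strict=False)))
    return nets, statics


def hairpin_targets(config, client):
    """List (mapped, real) pairs the client could only reach via a U-turn."""
    nets, statics = parse(config)
    client = ipaddress.ip_address(client)
    hits = []
    for real_if, mapped, real in statics:
        # Client and real server both sit behind the same PIX interface.
        if real_if in nets and client in nets[real_if] and real.subnet_of(nets[real_if]):
            hits.append((str(mapped.network_address), str(real.network_address)))
    return hits
```

A client flagged here is on the same subnet as the server's real address, so it can connect to that address directly instead of the mapped one.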
