RDP on Cisco Pix 506e

Answered Question

I'm trying to configure the translation rules on my Cisco Pix 506e, but I'm having some trouble. I'm simply trying to translate my outside ip address (75.146.94.108) to a machine on the local network (10.10.10.224) so I can RDP to it.


I'm not great with firewall configurations, so your help is needed.


Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password DkreNA9TaOYv27T8 encrypted
passwd c4EBnG8v5uKhu.PA encrypted
hostname EWMS-PIX-630
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group service test udp
  port-object eq isakmp
access-list inside_access_in permit ip any any
access-list inside_access_in permit tcp any any
access-list inside_access_in permit icmp any any
access-list inside_access_in permit esp any any
access-list inside_access_in permit tcp any eq www any
access-list inside_outbound_nat0_acl permit ip interface inside 10.10.10.96 255.255.255.240
access-list inside_outbound_nat0_acl permit ip any 10.10.10.192 255.255.255.224
access-list outside_access_in permit tcp any eq 3389 any
pager lines 24
logging timestamp
logging trap debugging
logging host inside 10.10.10.13
mtu outside 1500
mtu inside 1500
ip address outside 75.146.94.109 255.255.255.248
ip address inside 10.10.10.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.10.10.1 255.255.255.255 inside
pdm location 10.10.10.13 255.255.255.255 inside
pdm location 10.10.10.253 255.255.255.255 inside
pdm location 75.146.94.105 255.255.255.255 inside
pdm location 75.146.94.106 255.255.255.255 inside
pdm location 10.10.10.96 255.255.255.240 outside
pdm location 10.10.10.192 255.255.255.224 outside
pdm location 75.146.94.108 255.255.255.255 outside
pdm location 75.146.94.0 255.255.255.0 outside
pdm location 10.10.10.224 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 75.146.94.108 10.10.10.224 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 75.146.94.110 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 10.10.10.1 timeout 10
aaa-server LOCAL protocol local
http server enable
http 10.10.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
isakmp enable outside
isakmp peer ip 206.196.18.227 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
isakmp policy 60 authentication rsa-sig
isakmp policy 60 encryption des
isakmp policy 60 hash md5
isakmp policy 60 group 2
isakmp policy 60 lifetime 86400
telnet 10.10.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.10.10.2-10.10.10.5 inside
dhcpd dns 68.87.72.130 68.87.77.130
dhcpd lease 3600
dhcpd ping_timeout 750
username btork password Ww3clvi.ynWeGweE encrypted privilege 15
vpnclient server 10.10.10.1
vpnclient mode client-mode
vpnclient vpngroup GroupA password ********
vpnclient username btork password ********
terminal width 80
Cryptochecksum:b6173470fdf7f608465e38dda2fb3a05
: end
[OK]




Thanks,

Brian

praprama Fri, 09/17/2010 - 08:16
User Badges:
  • Cisco Employee,

Hey Brian,


The static looks alright:


static (inside,outside) 75.146.94.108 10.10.10.224 netmask 255.255.255.255


The problem is with the access-list applied on the outside interface "outside_access_in". The entry permits all TCP traffic with a "Source port of 3389" to any destination. It should actually be in the "Destination port section" as TCP/3389 is the port that the PC (10.10.10.224) listens on when you try to RDP to it. That is, it should look like below:


access-list outside_access_in permit tcp any any eq 3389


If you would like to be more specific, you can use:


access-list outside_access_in permit tcp any host 75.146.94.108 eq 3389


Let me know if this helps!!


Regards,

Prapanch
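
The source-port versus destination-port point in the reply above, as an added example that is not part of the original post or Cisco tooling: a small first-match evaluator for the `access-list` form used in this thread, run against the original, corrected and more specific entries. The client address 198.51.100.7, the packets and the function names are constructed for the example; only `any`, `host` and `eq` are handled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp", "ip", ...
    src: ipaddress.IPv4Network
    sport: Optional[int]             # None = any source port
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # None = any destination port

def _addr(tok):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    head = tok.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tok.pop(0)}")

def _port(tok):
    """Consume an optional 'eq N' qualifier that follows an address spec."""
    if tok and tok[0] == "eq":
        tok.pop(0)
        return int(tok.pop(0))
    return None

def parse_rule(line):
    """Parse 'access-list NAME permit|deny PROTO SRC [eq P] DST [eq P]'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list":
        raise ValueError(f"not an access-list entry: {line!r}")
    rest = tok[4:]
    src, sport = _addr(rest), _port(rest)   # a port right after SRC is a source port
    dst, dport = _addr(rest), _port(rest)   # a port after DST is a destination port
    return Rule(tok[2], tok[3], src, sport, dst, dport)

def evaluate(acl_lines, proto, src_ip, src_port, dst_ip, dst_port):
    """First matching entry wins; the ACL ends with an implicit deny."""
    for line in acl_lines:
        r = parse_rule(line)
        if (r.proto in ("ip", proto)
                and ipaddress.ip_address(src_ip) in r.src
                and r.sport in (None, src_port)
                and ipaddress.ip_address(dst_ip) in r.dst
                and r.dport in (None, dst_port)):
            return r.action
    return "deny"

# The three forms of the entry that appear in the thread.
ORIGINAL = ["access-list outside_access_in permit tcp any eq 3389 any"]
CORRECTED = ["access-list outside_access_in permit tcp any any eq 3389"]
SPECIFIC = ["access-list outside_access_in permit tcp any host 75.146.94.108 eq 3389"]

# Constructed packets: a client opening RDP to the static's outside address,
# and a packet that only happens to use 3389 as its source port.
RDP_SYN = ("tcp", "198.51.100.7", 49242, "75.146.94.108", 3389)
SRC_3389 = ("tcp", "198.51.100.7", 3389, "75.146.94.108", 445)

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("corrected", CORRECTED),
                      ("specific", SPECIFIC)):
        print(f"{name:9} RDP SYN: {evaluate(acl, *RDP_SYN):6} "
              f"src-port-3389 packet: {evaluate(acl, *SRC_3389)}")
```

The original entry denies the real RDP connection while permitting any TCP packet whose source port is 3389; the host-specific entry is the only one of the three that limits the exposure to the single translated address.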

I made the change, but still no luck. Updated config below.



Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password DkreNA9TaOYv27T8 encrypted
passwd c4EBnG8v5uKhu.PA encrypted
hostname EWMS-PIX-630
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group service test udp
  port-object eq isakmp
access-list inside_access_in permit ip any any
access-list inside_access_in permit tcp any any
access-list inside_access_in permit icmp any any
access-list inside_access_in permit esp any any
access-list inside_access_in permit tcp any eq www any
access-list inside_outbound_nat0_acl permit ip interface inside 10.10.10.96 255.255.255.240
access-list inside_outbound_nat0_acl permit ip any 10.10.10.192 255.255.255.224
access-list outside_access_in permit tcp any any eq 3389
pager lines 24
logging timestamp
logging trap debugging
logging host inside 10.10.10.13
mtu outside 1500
mtu inside 1500
ip address outside 75.146.94.109 255.255.255.248
ip address inside 10.10.10.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.10.10.1 255.255.255.255 inside
pdm location 10.10.10.13 255.255.255.255 inside
pdm location 10.10.10.253 255.255.255.255 inside
pdm location 75.146.94.105 255.255.255.255 inside
pdm location 75.146.94.106 255.255.255.255 inside
pdm location 10.10.10.96 255.255.255.240 outside
pdm location 10.10.10.192 255.255.255.224 outside
pdm location 75.146.94.108 255.255.255.255 outside
pdm location 75.146.94.0 255.255.255.0 outside
pdm location 10.10.10.224 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 75.146.94.108 10.10.10.224 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 75.146.94.110 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 10.10.10.1 timeout 10
aaa-server LOCAL protocol local
http server enable
http 10.10.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
isakmp enable outside
isakmp peer ip 206.196.18.227 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
isakmp policy 60 authentication rsa-sig
isakmp policy 60 encryption des
isakmp policy 60 hash md5
isakmp policy 60 group 2
isakmp policy 60 lifetime 86400
telnet 10.10.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.10.10.2-10.10.10.5 inside
dhcpd dns 68.87.72.130 68.87.77.130
dhcpd lease 3600
dhcpd ping_timeout 750
username btork password Ww3clvi.ynWeGweE encrypted privilege 15
vpnclient server 10.10.10.1
vpnclient mode client-mode
vpnclient vpngroup GroupA password ********
vpnclient username btork password ********
terminal width 80
Cryptochecksum:b6173470fdf7f608465e38dda2fb3a05
: end
[OK]

Correct Answer
Nagaraja Thanthry Fri, 09/17/2010 - 08:40
User Badges:
  • Cisco Employee,

Hello,


It seems like the IP you are using may not be getting any hits on the outside interface. Can you try the following:


no static (inside,outside) 75.146.94.108 10.10.10.224 netmask 255.255.255.255


static (inside,outside) tcp interface 3389 10.10.10.224 3389 netmask 255.255.255.255


Once you are done with the above configuration, try RDP to interface IP (.109) and see if that works.


Regards,


NT

That does not seem to work either. New config below.


Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password DkreNA9TaOYv27T8 encrypted
passwd c4EBnG8v5uKhu.PA encrypted
hostname EWMS-PIX-630
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group service test udp
  port-object eq isakmp
access-list inside_access_in permit ip any any
access-list inside_access_in permit tcp any any
access-list inside_access_in permit icmp any any
access-list inside_access_in permit esp any any
access-list inside_access_in permit tcp any eq www any
access-list inside_outbound_nat0_acl permit ip interface inside 10.10.10.96 255.255.255.240
access-list inside_outbound_nat0_acl permit ip any 10.10.10.192 255.255.255.224
access-list outside_access_in permit tcp any any eq 3389
pager lines 24
logging timestamp
logging trap debugging
logging host inside 10.10.10.13
mtu outside 1500
mtu inside 1500
ip address outside 75.146.94.109 255.255.255.248
ip address inside 10.10.10.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.10.10.1 255.255.255.255 inside
pdm location 10.10.10.13 255.255.255.255 inside
pdm location 10.10.10.253 255.255.255.255 inside
pdm location 75.146.94.105 255.255.255.255 inside
pdm location 75.146.94.106 255.255.255.255 inside
pdm location 10.10.10.96 255.255.255.240 outside
pdm location 10.10.10.192 255.255.255.224 outside
pdm location 75.146.94.108 255.255.255.255 outside
pdm location 75.146.94.0 255.255.255.0 outside
pdm location 10.10.10.224 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 10.10.10.224 3389 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 75.146.94.110 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 10.10.10.1 timeout 10
aaa-server LOCAL protocol local
http server enable
http 10.10.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
isakmp enable outside
isakmp peer ip 206.196.18.227 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
isakmp policy 60 authentication rsa-sig
isakmp policy 60 encryption des
isakmp policy 60 hash md5
isakmp policy 60 group 2
isakmp policy 60 lifetime 86400
telnet 10.10.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.10.10.2-10.10.10.5 inside
dhcpd dns 68.87.72.130 68.87.77.130
dhcpd lease 3600
dhcpd ping_timeout 750
username btork password Ww3clvi.ynWeGweE encrypted privilege 15
vpnclient server 10.10.10.1
vpnclient mode client-mode
vpnclient vpngroup GroupA password ********
vpnclient username btork password ********
terminal width 80
Cryptochecksum:b6173470fdf7f608465e38dda2fb3a05
: end
[OK]

Nagaraja Thanthry Fri, 09/17/2010 - 09:20
User Badges:
  • Cisco Employee,

Hello,


With the current configuration, can you add the following line:


access-list outside_access_in line 1 permit tcp any interface outside eq 3389


Once that is done, try RDP from internet to the outside interface IP of the firewall. If it is still not working, please post the output of "show access-list outside_access_in" command here.


Regards,


NT

praprama Fri, 09/17/2010 - 08:55
User Badges:
  • Cisco Employee,

Hey,


1) Are you able to RDP to that host 10.10.10.224 from any host on the inside LAN?


2) What does the output of "show access-list outside_access_in" look like when trying to RDP to it? Do you see hit counts incrementing? If not, then packets may not be reaching the PIX in the first place.


Also, it will be worthwhile applying captures on the PIX's outside and inside interfaces to see how packets are flowing. Please refer to the document below for more help:


https://supportforums.cisco.com/docs/DOC-1222


Let me know how it goes!!


Regards,

Prapanch

The hit count is increasing and I am able to RDP from an inside ip address.



Result of firewall command: "show access-list outside_access_in"

access-list outside_access_in; 2 elements
access-list outside_access_in line 1 permit tcp any interface outside eq 3389 (hitcnt=1)
access-list outside_access_in line 2 permit tcp any any eq 3389 (hitcnt=11)


Result of firewall command: "show access-list outside_access_in"

access-list outside_access_in; 2 elements
access-list outside_access_in line 1 permit tcp any interface outside eq 3389 (hitcnt=2)
access-list outside_access_in line 2 permit tcp any any eq 3389 (hitcnt=11)


Result of firewall command: "show access-list outside_access_in"


access-list outside_access_in; 2 elements
access-list outside_access_in line 1 permit tcp any interface outside eq 3389 (hitcnt=3)
access-list outside_access_in line 2 permit tcp any any eq 3389 (hitcnt=11)



Brian

praprama Fri, 09/17/2010 - 09:47
User Badges:
  • Cisco Employee,

Do you have syslogs from the PIX when trying to RDP to the inside PC? Enable logs using:


logging enable

logging buffered 7


To view the logs, use the command "show logg". Please try the connection and paste the outputs here. Also, try applying captures as well on the outside and inside interfaces.


Regards,

Prapanch

Result of firewall command: "show logg"

Syslog logging: enabled
    Facility: 20
    Timestamp logging: enabled
    Standby logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: level debugging, 82 messages logged
    Trap logging: level debugging, 85 messages logged
        Logging to inside 10.10.10.13
    History logging: disabled
    Device ID: disabled
.10.10.13/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns
302010: 0 in use, 119 most used
710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.14/138 to inside:10.10.10.255/netbios-dgm
710005: UDP request discarded from 10.10.10.16/6515 to inside:255.255.255.255/6514
710005: UDP request discarded from 10.10.10.16/6515 to outside:255.255.255.255/6514
710005: UDP request discarded from 10.10.10.11/138 to inside:10.10.10.255/netbios-dgm
710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.15/138 to inside:10.10.10.255/netbios-dgm
710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.16/138 to inside:10.10.10.255/netbios-dgm
710005: UDP request discarded from 10.10.10.21/138 to inside:10.10.10.255/netbios-dgm
710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns
710005: UDP request discarded from 10.10.10.1/138 to inside:10.10.10.255/netbios-dgm
710001: TCP access requested from 10.10.10.1/34802 to inside:10.10.10.254/https
710002: TCP access permitted from 10.10.10.1/34802 to inside:10.10.10.254/https
605005: Login permitted from 10.10.10.1/34802 to inside:10.10.10.254/https for user "enable_15"
111009: User 'enable_15' executed cmd: show logging
710005: UDP request discarded from 10.10.10.17/138 to inside:10.10.10.255/netbios-dgm
710005: UDP request discarded from 10.10.10.19/138 to inside:10.10.10.255/netbios-dgm
302010: 0 in use, 119 most used
609001: Built local-host inside:10.10.10.1
305011: Built static TCP translation from inside:10.10.10.1/3389 to outside:75.146.94.109/3389
302013: Built inbound TCP connection 789 for outside:173.111.16.122/49242 (173.111.16.122/49242) to inside:10.10.10.1/3389 (75.146.94.109/3389)
710001: TCP access requested from 10.10.10.1/34806 to inside:10.10.10.254/https
710002: TCP access permitted from 10.10.10.1/34806 to inside:10.10.10.254/https



Brian
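
Reading the connection messages in the log above, as an added example that is not part of the original post or Cisco tooling: a 302013 "Built inbound TCP connection" line means the outside ACL and the static translation both accepted the RDP attempt, so what remains to check is where it was sent and whether the inside host answered. The 302014 teardown line, the helper names and the choice of 10.10.10.224 (the static target in the posted configs) as the expected host are assumptions made for the example.

```python
import re

# The 710005, 305011 and 302013 lines are copied from the "show logg" output above.
# The 302014 teardown line is constructed for this example (not from the thread).
SAMPLE_LOG = """\
710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns
305011: Built static TCP translation from inside:10.10.10.1/3389 to outside:75.146.94.109/3389
302013: Built inbound TCP connection 789 for outside:173.111.16.122/49242 (173.111.16.122/49242) to inside:10.10.10.1/3389 (75.146.94.109/3389)
302014: Teardown TCP connection 789 for outside:173.111.16.122/49242 to inside:10.10.10.1/3389 duration 0:02:01 bytes 0 SYN Timeout
"""

BUILT = re.compile(
    r"302013: Built inbound TCP connection (?P<id>\d+) for "
    r"\w+:(?P<client>[\d.]+)/\d+ \([\d.]+/\d+\) to "
    r"\w+:(?P<real>[\d.]+)/(?P<rport>\d+) \((?P<mapped>[\d.]+)/(?P<mport>\d+)\)")
TEARDOWN = re.compile(
    r"302014: Teardown TCP connection (?P<id>\d+) for .* "
    r"bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$")

def inbound_connections(log_text):
    """Return one dict per inbound connection, joined with its teardown if logged."""
    conns = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = BUILT.search(line)
        if m:
            conns[m["id"]] = {**m.groupdict(), "bytes": None, "reason": None}
            continue
        m = TEARDOWN.search(line)
        if m and m["id"] in conns:
            conns[m["id"]].update(bytes=int(m["bytes"]), reason=m["reason"])
    return list(conns.values())

def diagnose(conn, expected_host):
    """Turn one parsed connection into findings for the RDP port-forward."""
    findings = [f"PIX permitted and translated {conn['mapped']}/{conn['mport']} "
                f"to {conn['real']}/{conn['rport']}"]
    if conn["real"] != expected_host:
        findings.append(f"real host is {conn['real']}, expected {expected_host}")
    if conn["reason"] == "SYN Timeout":
        findings.append("handshake never completed: check the inside host's "
                        "default gateway and local firewall")
    return findings

if __name__ == "__main__":
    for conn in inbound_connections(SAMPLE_LOG):
        for finding in diagnose(conn, "10.10.10.224"):
            print(finding)
```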

Nagaraja Thanthry Fri, 09/17/2010 - 10:24
User Badges:
  • Cisco Employee,

Hello Brian,


Did you check the default gateway on the PC?


Regards,


NT

Correct Answer
Nagaraja Thanthry Fri, 09/17/2010 - 09:53
User Badges:
  • Cisco Employee,

Hello,


What is the default gateway of the inside device? Is it pointing to the PIX? If not, can you please change it to point to the PIX and see if that helps?


Regards,


NT


Message was edited by: Nagaraja Thanthry
