Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Access-List to allow remote to access local network

Remote pix need to access my local network I am not quite sure on ACL needed. Below is the e-mail received from the remote tech. Also my pix config is attached

I'm attempting to ping your NAT'd IP address and this is unreachable on our end. Please be sure that your security device allows traffic initiated from e-MDs as well.

Hall of Fame Super Blue

Re: Access-List to allow remote to access local network


Your VPN is setup so that any client in the network will be natted to when they try to connect to either or

But for them to be able to initiate a connection to you you need to statically map an ip address. So what remote IP are they trying to ping. If they are trying to ping and the tunnel is not up then your firewall has no way of knowing which 192.168.0.x address the address is meant to NAT to.

Hopefully this makes sense. What IP address are they trying to get to ie. what internal server do they want to access 192.168.0.??


Community Member

Re: Access-List to allow remote to access local network

I the internal server they want to access is

CreatePlease to create content