Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Problem with Local IP

Can anybody help me solving this prob?

ISP Router Conf:

1. One Public IP

2. One Private IP

PIX 515E:

1. External Interface (Public IP with Default GW ISP Router)

2. Private IP

3. Mapped IP for Terminal Server ( From Public IP Range)

Terminal Server

1. Private IP GW

Users from Private IP Range are unable to connect to Terminal Server using Mapped IP in PIX.


When i checked the loggin it says:

No route to from Public IP on PIX. is my client pc trying to ping the public ip of pix.

Community Member

Re: Problem with Local IP

would you please post the configuration of the ASA and if possible a diagram of network connection.

Community Member

Re: Problem with Local IP

PIX Version 6.3(4)

interface ethernet0 100full

interface ethernet1 100full

interface ethernet2 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 intf2 security4

enable password encrypted

passwd encrypted

hostname Pix


fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69


access-list 110 permit tcp any host public ip eq 3389

access-list acl_outbound deny tcp any any eq www

pager lines 24

logging console debugging

logging monitor debugging

mtu outside 1500

mtu inside 1500

mtu intf2 1500

ip address outside Public IP Netmask

ip address inside

no ip address intf2

ip audit info action alarm

ip audit attack action alarm

pdm location inside

pdm location inside

pdm history enable

arp timeout 14400

static (inside,outside) mapped public ip netmask 0 0

access-group 110 in interface outside

access-group acl_outbound in interface inside

route outside Public IP 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http inside

http inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet inside

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

I don't have a diagram but I have one cisco router from my isp with One Public IP address and One Private IP The private IP range is being used for one of our branches that has a bridged connection directly conneting to the wan switch. The Ethernet cable from isp's router is connected to the wan switch and another ethernet cable is directly connected to the wan switch having the IP Range of My Terminal Server's External Interface is also connected to this WAN switch with an ip of and default GW (PIX Internal Interface).

Everybody from Internet can connect to my terminal server at mapped public ip but only people coming from cannot connect.


Re: Problem with Local IP

You are not allowed to ping any interface of the PIX/ASA when coming through another interface



CreatePlease to create content