Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

RDP on Cisco Pix 506e

I'm trying to configure the translation rules on my Cisco Pix 506e, but I'm having some trouble. I'm simply trying to translate my outside ip address (75.146.94.108) to a machine on the local network (10.10.10.224) so I can RDP to it.

I'm not great with firewall configurations, so your help is needed.

Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password DkreNA9TaOYv27T8 encrypted
passwd c4EBnG8v5uKhu.PA encrypted
hostname EWMS-PIX-630
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group service test udp
  port-object eq isakmp
access-list inside_access_in permit ip any any
access-list inside_access_in permit tcp any any
access-list inside_access_in permit icmp any any
access-list inside_access_in permit esp any any
access-list inside_access_in permit tcp any eq www any
access-list inside_outbound_nat0_acl permit ip interface inside 10.10.10.96 255.255.255.240
access-list inside_outbound_nat0_acl permit ip any 10.10.10.192 255.255.255.224
access-list outside_access_in permit tcp any eq 3389 any
pager lines 24
logging timestamp
logging trap debugging
logging host inside 10.10.10.13
mtu outside 1500
mtu inside 1500
ip address outside 75.146.94.109 255.255.255.248
ip address inside 10.10.10.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.10.10.1 255.255.255.255 inside
pdm location 10.10.10.13 255.255.255.255 inside
pdm location 10.10.10.253 255.255.255.255 inside
pdm location 75.146.94.105 255.255.255.255 inside
pdm location 75.146.94.106 255.255.255.255 inside
pdm location 10.10.10.96 255.255.255.240 outside
pdm location 10.10.10.192 255.255.255.224 outside
pdm location 75.146.94.108 255.255.255.255 outside
pdm location 75.146.94.0 255.255.255.0 outside
pdm location 10.10.10.224 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 75.146.94.108 10.10.10.224 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 75.146.94.110 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 10.10.10.1 timeout 10
aaa-server LOCAL protocol local
http server enable
http 10.10.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
isakmp enable outside
isakmp peer ip 206.196.18.227 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
isakmp policy 60 authentication rsa-sig
isakmp policy 60 encryption des
isakmp policy 60 hash md5
isakmp policy 60 group 2
isakmp policy 60 lifetime 86400
telnet 10.10.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.10.10.2-10.10.10.5 inside
dhcpd dns 68.87.72.130 68.87.77.130
dhcpd lease 3600
dhcpd ping_timeout 750
username btork password Ww3clvi.ynWeGweE encrypted privilege 15
vpnclient server 10.10.10.1
vpnclient mode client-mode
vpnclient vpngroup GroupA password ********
vpnclient username btork password ********
terminal width 80
Cryptochecksum:b6173470fdf7f608465e38dda2fb3a05
: end
[OK]

Thanks,

Brian

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: RDP on Cisco Pix 506e

Hello,

It seems like the IP you are using may not be getting any hits on the outside interface. Can you try the following:

no static (inside,outside) 75.146.94.108 10.10.10.224 netmask 255.255.255.255

static (inside,outside) tcp interface 3389 10.10.10.224 3389 netmask 255.255.255.255

Once you are done with the above configuration, try RDP to interface IP (.109) and see if that works.

Regards,

NT

Cisco Employee

Re: RDP on Cisco Pix 506e

Hello,

What is the default gateway of the inside device? Is it poinitng to the PIX? If not, can you please change it to point to the PIX and see if that helps?

Regards,

NT

Message was edited by: Nagaraja Thanthry

12 REPLIES
Cisco Employee

Re: RDP on Cisco Pix 506e

Hey Brian,

the Static looks alright:

static (inside,outside) 75.146.94.108 10.10.10.224 netmask  255.255.255.255

The problem is with the access-list applied on the outside interface "outside_access_in". The entry permits all TCP traffic with a "Source port of 3389" to any destination. It should actually be in the "Destination port section" as TCP/3389 is the port that the PC (10.10.10.224) listens on on when you try to RDP to it. Thta is, it should look like below:

access-list outside_access_in permit tcp any any eq 3389

If you would like to be more specific, you can use:

access-list outside_access_in permit tcp any host 75.146.94.108 eq 3389

Let me know if this helps!!

Regards,

Prapanch

New Member

Re: RDP on Cisco Pix 506e

I made the change, but still no luck. Updated config below.

Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password DkreNA9TaOYv27T8 encrypted
passwd c4EBnG8v5uKhu.PA encrypted
hostname EWMS-PIX-630
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group service test udp
  port-object eq isakmp
access-list inside_access_in permit ip any any
access-list inside_access_in permit tcp any any
access-list inside_access_in permit icmp any any
access-list inside_access_in permit esp any any
access-list inside_access_in permit tcp any eq www any
access-list inside_outbound_nat0_acl permit ip interface inside 10.10.10.96 255.255.255.240
access-list inside_outbound_nat0_acl permit ip any 10.10.10.192 255.255.255.224
access-list outside_access_in permit tcp any any eq 3389
pager lines 24
logging timestamp
logging trap debugging
logging host inside 10.10.10.13
mtu outside 1500
mtu inside 1500
ip address outside 75.146.94.109 255.255.255.248
ip address inside 10.10.10.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.10.10.1 255.255.255.255 inside
pdm location 10.10.10.13 255.255.255.255 inside
pdm location 10.10.10.253 255.255.255.255 inside
pdm location 75.146.94.105 255.255.255.255 inside
pdm location 75.146.94.106 255.255.255.255 inside
pdm location 10.10.10.96 255.255.255.240 outside
pdm location 10.10.10.192 255.255.255.224 outside
pdm location 75.146.94.108 255.255.255.255 outside
pdm location 75.146.94.0 255.255.255.0 outside
pdm location 10.10.10.224 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 75.146.94.108 10.10.10.224 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 75.146.94.110 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 10.10.10.1 timeout 10
aaa-server LOCAL protocol local
http server enable
http 10.10.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
isakmp enable outside
isakmp peer ip 206.196.18.227 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
isakmp policy 60 authentication rsa-sig
isakmp policy 60 encryption des
isakmp policy 60 hash md5
isakmp policy 60 group 2
isakmp policy 60 lifetime 86400
telnet 10.10.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.10.10.2-10.10.10.5 inside
dhcpd dns 68.87.72.130 68.87.77.130
dhcpd lease 3600
dhcpd ping_timeout 750
username btork password Ww3clvi.ynWeGweE encrypted privilege 15
vpnclient server 10.10.10.1
vpnclient mode client-mode
vpnclient vpngroup GroupA password ********
vpnclient username btork password ********
terminal width 80
Cryptochecksum:b6173470fdf7f608465e38dda2fb3a05
: end
[OK]

Cisco Employee

Re: RDP on Cisco Pix 506e

Hello,

It seems like the IP you are using may not be getting any hits on the outside interface. Can you try the following:

no static (inside,outside) 75.146.94.108 10.10.10.224 netmask 255.255.255.255

static (inside,outside) tcp interface 3389 10.10.10.224 3389 netmask 255.255.255.255

Once you are done with the above configuration, try RDP to interface IP (.109) and see if that works.

Regards,

NT

New Member

Re: RDP on Cisco Pix 506e

That does not seem to work either. New config below.

Building configuration...
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password DkreNA9TaOYv27T8 encrypted
passwd c4EBnG8v5uKhu.PA encrypted
hostname EWMS-PIX-630
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group service test udp
  port-object eq isakmp
access-list inside_access_in permit ip any any
access-list inside_access_in permit tcp any any
access-list inside_access_in permit icmp any any
access-list inside_access_in permit esp any any
access-list inside_access_in permit tcp any eq www any
access-list inside_outbound_nat0_acl permit ip interface inside 10.10.10.96 255.255.255.240
access-list inside_outbound_nat0_acl permit ip any 10.10.10.192 255.255.255.224
access-list outside_access_in permit tcp any any eq 3389
pager lines 24
logging timestamp
logging trap debugging
logging host inside 10.10.10.13
mtu outside 1500
mtu inside 1500
ip address outside 75.146.94.109 255.255.255.248
ip address inside 10.10.10.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.10.10.1 255.255.255.255 inside
pdm location 10.10.10.13 255.255.255.255 inside
pdm location 10.10.10.253 255.255.255.255 inside
pdm location 75.146.94.105 255.255.255.255 inside
pdm location 75.146.94.106 255.255.255.255 inside
pdm location 10.10.10.96 255.255.255.240 outside
pdm location 10.10.10.192 255.255.255.224 outside
pdm location 75.146.94.108 255.255.255.255 outside
pdm location 75.146.94.0 255.255.255.0 outside
pdm location 10.10.10.224 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 10.10.10.224 3389 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 75.146.94.110 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 10.10.10.1 timeout 10
aaa-server LOCAL protocol local
http server enable
http 10.10.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
isakmp enable outside
isakmp peer ip 206.196.18.227 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
isakmp policy 60 authentication rsa-sig
isakmp policy 60 encryption des
isakmp policy 60 hash md5
isakmp policy 60 group 2
isakmp policy 60 lifetime 86400
telnet 10.10.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.10.10.2-10.10.10.5 inside
dhcpd dns 68.87.72.130 68.87.77.130
dhcpd lease 3600
dhcpd ping_timeout 750
username btork password Ww3clvi.ynWeGweE encrypted privilege 15
vpnclient server 10.10.10.1
vpnclient mode client-mode
vpnclient vpngroup GroupA password ********
vpnclient username btork password ********
terminal width 80
Cryptochecksum:b6173470fdf7f608465e38dda2fb3a05
: end
[OK]

Cisco Employee

Re: RDP on Cisco Pix 506e

Hello,

With the current configuration, can you add the following line:

access-list outside_access_in line 1 permit tcp any interface outside eq 3389

Once that is done, try RDP from internet to the outside interface IP of the firewall. If it is still not working, please post the output of "show access-list outside_access_in" command here.

Regards,

NT

Cisco Employee

Re: RDP on Cisco Pix 506e

Hey,

1) Are you able to RDP to that host 10.10.10.224 from any host on the inside LAN?

2) What does the  output of "show access-list outside_access-in" look like when trying to RDP to it? Do you see hit counts incrementing? If not, then packets may not be reaching the PIX in the first place.

Also, it will be worthwhile applying captures on the PIX's outside and inside interfaces to see how packets are flowing. Please refer the below document for more help:

https://supportforums.cisco.com/docs/DOC-1222

let me know how it goes!!

Regards,

Prapanch

New Member

Re: RDP on Cisco Pix 506e

The hit count is increasing and I am able to RDP from an inside ip address.

Result of firewall command: "show access-list outside_access_in"

access-list outside_access_in; 2 elements
access-list outside_access_in line 1 permit tcp any interface outside eq 3389 (hitcnt=1)
access-list outside_access_in line 2 permit tcp any any eq 3389 (hitcnt=11)

Result of firewall command: "show access-list outside_access_in"

access-list outside_access_in; 2 elements
access-list outside_access_in line 1 permit tcp any interface outside eq 3389 (hitcnt=2)
access-list outside_access_in line 2 permit tcp any any eq 3389 (hitcnt=11)

Result of firewall command: "show access-list outside_access_in"

access-list outside_access_in; 2 elements
access-list outside_access_in line 1 permit tcp any interface outside eq 3389 (hitcnt=3)
access-list outside_access_in line 2 permit tcp any any eq 3389 (hitcnt=11)

Brian

Cisco Employee

Re: RDP on Cisco Pix 506e

Do you have syslogs from the PIX when trying to RDP to the inside PC? Enable logs using:

logging enable

logging buffered 7

To view the logs, use the command "show logg".  Please try connection and paste the outputs here. Also, try applying captures as well on the outside and inside interfaces.

Regards,

Prapanch

New Member

Re: RDP on Cisco Pix 506e

Result of firewall command: "show logg"

Syslog logging: enabled

    Facility: 20

    Timestamp logging: enabled

    Standby logging: disabled

    Console logging: disabled

    Monitor logging: disabled

    Buffer logging: level debugging, 82 messages logged

    Trap logging: level debugging, 85 messages logged

        Logging to inside 10.10.10.13

    History logging: disabled

    Device ID: disabled

.10.10.13/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns

302010: 0 in use, 119 most used

710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.14/138 to inside:10.10.10.255/netbios-dgm

710005: UDP request discarded from 10.10.10.16/6515 to inside:255.255.255.255/6514

710005: UDP request discarded from 10.10.10.16/6515 to outside:255.255.255.255/6514

710005: UDP request discarded from 10.10.10.11/138 to inside:10.10.10.255/netbios-dgm

710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.15/138 to inside:10.10.10.255/netbios-dgm

710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.23/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.16/138 to inside:10.10.10.255/netbios-dgm

710005: UDP request discarded from 10.10.10.21/138 to inside:10.10.10.255/netbios-dgm

710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.13/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.11/137 to inside:10.10.10.255/netbios-ns

710005: UDP request discarded from 10.10.10.1/138 to inside:10.10.10.255/netbios-dgm

710001: TCP access requested from 10.10.10.1/34802 to inside:10.10.10.254/https

710002: TCP access permitted from 10.10.10.1/34802 to inside:10.10.10.254/https

605005: Login permitted from 10.10.10.1/34802 to inside:10.10.10.254/https for user "enable_15"

111009: User 'enable_15' executed cmd: show logging

710005: UDP request discarded from 10.10.10.17/138 to inside:10.10.10.255/netbios-dgm

710005: UDP request discarded from 10.10.10.19/138 to inside:10.10.10.255/netbios-dgm

302010: 0 in use, 119 most used

609001: Built local-host inside:10.10.10.1

305011: Built static TCP translation from inside:10.10.10.1/3389 to outside:75.146.94.109/3389

302013: Built inbound TCP connection 789 for outside:173.111.16.122/49242 (173.111.16.122/49242) to inside:10.10.10.1/3389 (75.146.94.109/3389)

710001: TCP access requested from 10.10.10.1/34806 to inside:10.10.10.254/https

710002: TCP access permitted from 10.10.10.1/34806 to inside:10.10.10.254/https

Brian

Cisco Employee

Re: RDP on Cisco Pix 506e

Hello Brian,

Did you check the default gateway on the PC?

Regards,

NT

Cisco Employee

Re: RDP on Cisco Pix 506e

Hello,

What is the default gateway of the inside device? Is it poinitng to the PIX? If not, can you please change it to point to the PIX and see if that helps?

Regards,

NT

Message was edited by: Nagaraja Thanthry

New Member

Re: RDP on Cisco Pix 506e

That was it. The destination device was using a different gateway since I didn't have the Cisco Pix completely setup yet.

Thanks for both of your help.

838
Views
0
Helpful
12
Replies
CreatePlease to create content