Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Need help with Pix 515E 6.3(5)


Sorry for my very bad english. ¿Spanish support?

PIX 515E 6.3(5)



router to internet:

The internet router forward all ports to pix outside interface.

I need to configure a "public terminal server" with ip address

How I configure PIX to port forwarding traffic on port 3389 to


Diego Fernández

New Member

Re: Need help with Pix 515E 6.3(5)

!Hola! Sinor Fernandez,

To access TS from outside, in order you will need to configure the pix just like this:

1-Make a publication of your internal host to the outside interface. Make sure is routable from the outside router.

static (inside, outside) netmask

2-Add an ACL to permit traffic going from the outside intf to the inside network

access-list outside permit tcp any host eq 3389

3-Bind the outside access-list to the outside intf

access-group outside in interface outside

There's information under these links:

Access-list configuration guide

Static configuration guide



New Member

Re: Need help with Pix 515E 6.3(5)

Sorry, the config no run.

If the internet router forward port 3389 to I can connect to server, because de internet router is forwarding all traffic to interface outside (

I need configure PIX for forwarding traffice on port 3389 to

¿How to NAPT port 3389 to

Very thanks.

New Member

Re: Need help with Pix 515E 6.3(5)

To help you, here's 2 samples from Cisco web site regarding port forwarding.

1)The static command provides the translation for Telnet. The nat and global commands provide PAT for all other outbound connections from the server.

If you have a separate translation for all inside traffic that uses a different global address, you can still configure the Telnet server to use the same address as the static statement by creating a more exclusive nat statement just for that server. Because nat statements are read for the best match, more exclusive nat statements are matched before general statements.

static (inside,outside) tcp telnet telnet netmask

nat (inside) 1

global (outside) 1 netmask

nat (inside) 2

global (outside) 2 netmask

2)To translate a well-known port (80) to another port (8080), enter:

static (inside,outside) tcp 80 8080 netmask



CreatePlease to create content