How to allow telnet access to one ip in dmz

May 24th, 2007
Hi


I'd like to allow telnet access to ip 192.168.2.1 and 192.168.2.2 from our internal zone which has the ip range 10.0.0.0/8. Could someone please give me an example of how to do this, or point me in the right direction.


Many Thanks

Dan

Overall Rating: 5 (1 ratings)
hoogen_82 Thu, 05/24/2007 - 01:43
Hi,


By default, all access from inside to DMZ is permitted. The only thing you need to have in place is a NAT translation for the IPs in the internal LAN to access the DMZ.


Your config could be


nat (inside) 2 10.0.0.0 255.0.0.0

global (dmz) 2 interface


If you have an access-list on your internal interface, then you need to add the commands


access-list inside_dmz extended permit tcp 10.0.0.0 255.0.0.0 host 192.168.2.1 eq 23


access-list inside_dmz extended permit tcp 10.0.0.0 255.0.0.0 host 192.168.2.2 eq 23


You don't need the above statements if you don't have an access-list.


HTH

Hoogen


Do rate if this post is helpful :)

dan_track Thu, 05/24/2007 - 02:32
Hi


Many thanks for your reply. I forgot to mention that I'm trying to access the IPs (i.e. 192.168.1.x) I've configured on two switches which are in a DMZ which has public IP addresses.


Will the above still work? I was thinking of adding a route command to tell the network that 192.168.2.x is through interface4 on the PIX.


Does the above change anything?


Thanks

Dan

zulqurnain Thu, 05/24/2007 - 01:47
Hello,


From what I have understood, this is what you can do.


telnet 192.168.2.1 255.255.255.255 inside

telnet 192.168.2.2 255.255.255.255 inside


HTH, please rate it


