05-24-2007 01:11 AM - edited 03-11-2019 03:19 AM
Hi
I'd like to allow telnet access to ip 192.168.2.1 and 192.168.2.2 from our internal zone which has the ip range 10.0.0.0/8. Could someone please give me an example of how to do this, or point me in the right direction.
Many Thanks
Dan
05-24-2007 01:43 AM
Hi,
By default, all access from inside to dmz is permitted. The only thing you need to have in place is a nat translation for IPs in the internal lan to access the dmz.
Your config could be
nat (inside) 2 10.0.0.0 255.0.0.0
global (dmz) 2 interface
If you have an access-list on your internal interface then you need to add the commands
access-list inside_dmz extended permit tcp 10.0.0.0 255.0.0.0 host 192.168.2.1 eq 23
access-list inside_dmz extended permit tcp 10.0.0.0 255.0.0.0 host 192.168.2.2 eq 23
You don't need the above statements if you don't have an access-list.
HTH
Hoogen
Do rate if this post is helpful :)
05-24-2007 02:32 AM
Hi
Many thanks for your reply. I forgot to mention that I'm trying to access the IPs (i.e. 192.168.1.x) I've configured on two switches which are in a DMZ which has public IP addresses.
Will the above still work? I was thinking of adding a route command to tell the network that 192.168.2.x is through interface4 on the pix.
Does the above change anything?
Thanks
Dan
05-24-2007 01:47 AM
Hello,
From what I have understood, this is what you can do.
telnet 192.168.2.1 255.255.255.255 inside
telnet 192.168.2.2 255.255.255.255 inside
HTH, please rate it