
How to allow telnet access to one ip in dmz

dan_track
Level 1

Hi

I'd like to allow telnet access to IPs 192.168.2.1 and 192.168.2.2 from our internal zone, which has the IP range 10.0.0.0/8. Could someone please give me an example of how to do this, or point me in the right direction?

Many Thanks

Dan

3 Replies

hoogen_82
Level 4

Hi,

By default, from inside to DMZ all access is permitted. The only thing you have to have in place is a NAT translation for IPs in the internal LAN to access the DMZ.

Your config could be:

nat (inside) 2 10.0.0.0 255.0.0.0

global (dmz) 2 interface

If you have an access-list on your internal interface then you need to add the commands:

access-list inside_dmz extended permit tcp 10.0.0.0 255.0.0.0 host 192.168.2.1 eq 23

access-list inside_dmz extended permit tcp 10.0.0.0 255.0.0.0 host 192.168.2.2 eq 23

You don't need the above statements if you don't have an access-list.

HTH

Hoogen

Do rate if this post is helpful :)

Hi

Many thanks for your reply. I forgot to mention that I'm trying to access the IPs (i.e. 192.168.1.x) I've configured on two switches which are in a DMZ which has public IP addresses.

Will the above still work? I was thinking of adding a route command to tell the network that 192.168.2.x is through interface4 on the PIX.

Does the above change anything?

Thanks

Dan

zulqurnain
Level 3

Hello,

From what I have understood, this is what you can do:

telnet 192.168.2.1 255.255.255.255 inside

telnet 192.168.2.2 255.255.255.255 inside

HTH, please rate it
