Secure path access

Unanswered Question
Jun 1st, 2009

Hi,

I have users behind the firewall who need to access a telnet session to xtrader.prudential.com port 10200.

We have DHCP, so user IPs change and we cannot configure users on static IPs. What is the secure way to allow this on a Cisco ASA 5510?

LAN IP segment is 192.168.20.0/24

jjohnston1127 Mon, 06/01/2009 - 05:46

I'm assuming you are talking about local users accessing the telnet session outbound through the firewall.

You'll need the IP of the host you provided, which, from my ping, DNS resolves to 12.34.101.191.

Whatever your access-list name is for inside-to-outbound traffic (in this example we'll use the name inside_out), the rule would look like this:

access-list inside_out extended permit tcp 192.168.20.0 255.255.255.0 host 12.34.101.191 eq 10200
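
Added example (not part of the reply above, and not Cisco code): a small Python model of how that ACE is matched, showing that any DHCP lease in 192.168.20.0/24 is permitted to the one host and port while every other flow falls through to the implicit deny at the end of the list. The parser covers only the syntax used in this thread; the function names and sample flows are constructed for illustration.

```python
import ipaddress

# ACE quoted from the reply above. ASA extended ACLs take subnet masks, not wildcard masks.
ACL = [
    "access-list inside_out extended permit tcp 192.168.20.0 255.255.255.0 "
    "host 12.34.101.191 eq 10200",
]

def _take_addr(tok):
    """Consume one address spec ('any', 'host A' or 'NET MASK') from the token list."""
    t = tok.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{t}/{tok.pop(0)}")

def parse_ace(line):
    """Parse the subset of extended-ACE syntax that appears in this thread."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError("not an extended ACE: " + line)
    ace = {"name": tok[1], "action": tok[3], "proto": tok[4]}
    rest = tok[5:]
    ace["src"] = _take_addr(rest)
    ace["dst"] = _take_addr(rest)
    # Optional 'eq PORT' on the destination; numeric ports only in this model.
    ace["port"] = int(rest[1]) if rest[:1] == ["eq"] else None
    return ace

def evaluate(acl_lines, proto, src, dst, dport):
    """First matching ACE wins; no match means the implicit deny applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in map(parse_ace, acl_lines):
        if (ace["proto"] in (proto, "ip") and s in ace["src"]
                and d in ace["dst"] and ace["port"] in (None, dport)):
            return ace["action"]
    return "deny"

# Constructed sample flows: (protocol, source, destination, destination port).
FLOWS = [
    ("tcp", "192.168.20.57", "12.34.101.191", 10200),   # one DHCP lease
    ("tcp", "192.168.20.200", "12.34.101.191", 10200),  # a different lease, same subnet
    ("tcp", "192.168.20.57", "12.34.101.191", 23),      # same host, other port
    ("tcp", "192.168.21.5", "12.34.101.191", 10200),    # outside the LAN segment
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(ACL, *flow))
```

The rule pins the address that DNS returned at the time of the reply, so if xtrader.prudential.com later resolves to a different IP the ACE has to be updated to match.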

ronald.ramzy Mon, 06/01/2009 - 06:03

Thank you.

Can you help to configure:

() How could I allow SSH from inside to outside only? Block SSH from outside to inside.

() Block internet browsing from inside to outside (inside LAN 192.168.20.0/24)

() Resolve DNS queries for Windows DNS Server (Windows DNS Server = 192.168.1.100)

We have an SSH attack on the NATted IP for the proxy-server; how do we resolve it?
