PIX and PAT NAT translation only for telnet and ftp sessions

Unanswered Question
Feb 6th, 2002

Hello,



I want to translate telnet and/or FTP sessions to a public IP address. Other types of sessions like HTTP don't have to be translated because they are proxied by a proxy server (squid). Can somebody tell me how to configure this on a PIX?


Regards

Aad

bdube Wed, 02/06/2002 - 17:20

Outgoing Telnet & FTP or incoming Telnet & FTP ?

rrbleeker Thu, 02/07/2002 - 08:28

If your requirement is to allow internal users outbound FTP and Telnet, you only have to set up NAT and Global. If you want to limit your users to only those two services (and no other), you have to set up an access list that permits these services and denies the rest. Then apply the access list to your internal interface.


Let me know if it works.



aboelhouwers Thu, 02/07/2002 - 09:41

So after I configured NAT and global I create an access-list like:


access-list ftptelnet permit tcp any any neq ftp

access-list ftptelnet permit tcp any any neq ftp-data

access-list ftptelnet permit tcp any any neq telnet


and then use the


nat (inside) 0 access-list ftptelnet


And I will only know whether it works in a few weeks, because that is when the PIX will be delivered. But I will certainly keep you posted.

rrbleeker Thu, 02/07/2002 - 11:06

Aad,


Almost. Let's assume you are using network 10.1.1.0/24 as your internal network. You need to set up the following commands:


nat (inside) 1 10.1.1.0 255.255.255.0

global (outside) 1 -outside ip addresses-


access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq ftp

access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq telnet

access-group ftptelnet in interface inside



This will allow internal users to access the internet with the telnet and ftp protocols. You don't have to add an entry for ftp-data. If 'fixup protocol ftp 21' is set, the PIX will take care of that.


I hope this helps.
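
Added example, not part of any post in this thread: a small Python model of first-match access-list evaluation with the implicit deny at the end, run over the two access lists posted above. The inside host 10.1.1.5 and destination 192.0.2.10 are constructed sample values, the parser covers only the syntax subset shown in the thread, and only entry matching is modelled (not NAT or the FTP fixup).

```python
import ipaddress

PORTS = {"ftp-data": 20, "ftp": 21, "telnet": 23}  # port keywords used in the thread

# The two access lists as posted in the thread
NEQ_ACL = [
    "access-list ftptelnet permit tcp any any neq ftp",
    "access-list ftptelnet permit tcp any any neq ftp-data",
    "access-list ftptelnet permit tcp any any neq telnet",
]
EQ_ACL = [
    "access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq ftp",
    "access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq telnet",
]

def parse_ace(line):
    """Parse 'access-list NAME permit|deny tcp SRC DST eq|neq PORT' (subset only)."""
    action, _proto, *rest = line.split()[2:]
    nets = []
    for _ in range(2):  # source network, then destination network
        if rest[0] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            rest = rest[1:]
        else:  # address followed by a subnet mask
            nets.append(ipaddress.ip_network(f"{rest[0]}/{rest[1]}"))
            rest = rest[2:]
    op, port = rest
    return action, nets[0], nets[1], op, PORTS[port] if port in PORTS else int(port)

def evaluate(acl_lines, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, op, port in map(parse_ace, acl_lines):
        # eq matches when the ports are equal, neq when they differ
        if src in src_net and dst in dst_net and ((dport == port) == (op == "eq")):
            return action
    return "deny"

def verdicts(acl_lines, src="10.1.1.5", dst="192.0.2.10"):
    """Verdicts for FTP control, Telnet and HTTP from a constructed inside host."""
    return {p: evaluate(acl_lines, src, dst, p) for p in (21, 23, 80)}

if __name__ == "__main__":
    print("neq list:", verdicts(NEQ_ACL))
    print("eq list: ", verdicts(EQ_ACL))
```

In this model the `neq` list matches every TCP port, including HTTP, because each port differs from at least one of the three named ports, while the `eq` list matches only FTP control and Telnet from 10.1.1.0/24.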
