02-06-2002 06:37 AM - edited 02-20-2020 09:58 PM
Hello,
I want to translate telnet and/or FTP sessions to a public IP address. Other types of sessions like HTTP don't have to be translated because they are proxied by a proxy server (squid). Can somebody tell me how to configure this on a PIX?
Regards
Aad
02-06-2002 05:20 PM
Outgoing Telnet & FTP or incoming Telnet & FTP?
02-07-2002 01:02 AM
It's outgoing telnet and FTP.
02-07-2002 08:28 AM
If your requirement is to allow internal users to allow outbound FTP and Telnet, you only have to set up NAT and Global. If you want to limit your users to only those two services (and no other), you have to set up an access-list that permits these services and denies the rest. Then apply the access list to your internal interface.
Let me know if it works.
02-07-2002 09:41 AM
So after I configured NAT and global I create an access-list like:
access-list ftptelnet permit tcp any any neq ftp
access-list ftptelnet permit tcp any any neq ftp-data
access-list ftptelnet permit tcp any any neq telnet
and then use the
nat (inside) 0 access-list ftptelnet
And I won't know whether it works for a few weeks, because that's when the PIX will be delivered. But I'll definitely keep you posted.
02-07-2002 11:06 AM
Aad,
Almost. Let's assume you are using network 10.1.1.0/24 as your internal network. You need to set up the following commands:
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 -outside ip addresses-
access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq ftp
access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq telnet
access-group ftptelnet in interface inside
This will allow internal users to access the internet with telnet and ftp protocols. You don't have to add an entry for ftp-data. If 'fixup protocol ftp 21' is set, the PIX will take care of that.
I hope this helps.
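The difference between the two ftptelnet access lists in this thread, as an added example that is not part of any post: a small Python model of first-match evaluation with the implicit deny at the end of an access list. The parser, the function names and the sample flows are constructed for illustration; it handles only the entry forms shown above and does not model NAT or the FTP fixup.

```python
import ipaddress

PORTS = {"ftp-data": 20, "ftp": 21, "telnet": 23}  # port keywords used in the thread

def parse_ace(line):
    """Parse 'access-list NAME permit|deny tcp SRC any OP PORT' (thread forms only)."""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    if rest[0] == "any":
        src, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
    else:
        src, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}"), rest[2:]
    if rest[0] != "any":
        raise ValueError("only destination 'any' is handled in this sketch")
    return action, proto, src, rest[1], PORTS[rest[2]]

def evaluate(acl_lines, src_ip, dst_port, proto="tcp"):
    """First matching entry decides; a flow that matches nothing is denied."""
    for line in acl_lines:
        action, ace_proto, src, op, port = parse_ace(line)
        port_ok = (dst_port == port) if op == "eq" else (dst_port != port)
        if ace_proto == proto and ipaddress.ip_address(src_ip) in src and port_ok:
            return action
    return "deny"  # implicit deny at the end of the list

NEQ_ACL = [  # the list from the question
    "access-list ftptelnet permit tcp any any neq ftp",
    "access-list ftptelnet permit tcp any any neq ftp-data",
    "access-list ftptelnet permit tcp any any neq telnet",
]
EQ_ACL = [  # the list from the answer
    "access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq ftp",
    "access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq telnet",
]
# Constructed sample flows: (source address, destination TCP port)
FLOWS = [("10.1.1.25", 21), ("10.1.1.25", 23), ("10.1.1.25", 80),
         ("10.1.1.25", 25), ("192.168.5.9", 21)]

def verdicts(acl):
    """Map each sample flow to the verdict the given list produces."""
    return {flow: evaluate(acl, *flow) for flow in FLOWS}

if __name__ == "__main__":
    for name, acl in (("neq list", NEQ_ACL), ("eq list", EQ_ACL)):
        print(name, verdicts(acl))
```

With the neq entries every TCP destination port matches one of the lines, so every sample flow is a match; with the eq entries only ports 21 and 23 from 10.1.1.0/24 match and the rest fall through to the implicit deny.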