Cisco Support Community
New Member

Access-list restriction question

I want to allow a specific outside IP address to access a telnet port on a server behind a firewall. Can you do this via the access-list? If so, would it look like the following?

Access-list acl_out permit tcp ***.***.***.*** (outside address needing access) host ***.***.***.*** (outside address) eq telnet

Static (inside,inet) ***.***.***.*** (Outside address) ***.***.***.*** (Inside address) netmask ***.***.***.*** 0 0

Would this allow only the specified address in the access list to access a telnet session?

Any help would be appreciated.


Cisco Employee

Re: Access-list restriction question

Not sure if I understand correctly, but let me rephrase your question.

You have a host behind the PIX eg and you want only one particular outside host eg to be able to telnet to this device (NATed as, if my understanding is correct, then you need following;

static (inside,outside) netmask

access-list acl_out permit tcp host host eq 23

(and of course the access-group command)

in the above example,

- is the NATed address visible for outside users for device

- is the user outside the PIX you want to allow to telnet to device

Alternatively, I think you might be wanting to do the same as above, but NAT the to the PIX outside interface address. If this is what you want, then you need to look into the following URL for port redirection.
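
An added example, not part of the thread above and not Cisco code: a small Python sketch of how an access-list of the form given in the reply is evaluated (first match wins, implicit deny at the end), showing that only the named outside host reaches TCP port 23 on the NATed address. The addresses are constructed RFC 5737 documentation values and the function names are this example's own.

```python
import ipaddress

PORTS = {"telnet": 23}  # port names this sketch understands; numbers also work

def _addr(tok):
    """Consume 'any', 'host A' or 'A MASK' (PIX ACLs take subnet masks)."""
    head = tok.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    # A bare address must be followed by a mask; anything else raises ValueError.
    return ipaddress.ip_network(f"{head}/{tok.pop(0)}", strict=False)

def parse_ace(line):
    """Parse 'access-list NAME permit|deny tcp SRC DST [eq PORT]'."""
    tok = line.split()
    if (len(tok) < 6 or tok[0] != "access-list"
            or tok[2] not in ("permit", "deny") or tok[3] != "tcp"):
        raise ValueError(f"unsupported entry: {line!r}")
    action, rest = tok[2], tok[4:]
    src, dst = _addr(rest), _addr(rest)
    port = None  # no 'eq' clause means any destination port
    if rest:
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError(f"unsupported port clause: {line!r}")
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return action, src, dst, port

def evaluate(acl_lines, src_ip, dst_ip, dst_port):
    """First matching entry wins; no match means the implicit deny applies."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        action, s_net, d_net, port = parse_ace(line)
        if src in s_net and dst in d_net and port in (None, dst_port):
            return action
    return "deny"

# Constructed sample values (RFC 5737 documentation addresses):
ALLOWED_CLIENT = "203.0.113.10"   # outside host allowed to telnet
NAT_ADDRESS = "192.0.2.25"        # address the inside server is NATed to
ACL = [f"access-list acl_out permit tcp host {ALLOWED_CLIENT} host {NAT_ADDRESS} eq 23"]

if __name__ == "__main__":
    for client, port in [(ALLOWED_CLIENT, 23), ("203.0.113.99", 23), (ALLOWED_CLIENT, 80)]:
        print(client, port, evaluate(ACL, client, NAT_ADDRESS, port))
```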


