Cisco Support Community
New Member

Access-list restriction question

I want to allow a specific IP outside address to access a telnet port on a server behind a firewall. Can you do this via the access-list? If so, would it look like the following?

Access-list acl_out permit tcp ***.***.***.*** (outside address needing access) host ***.***.***.*** (outside address) eq telnet

Static (inside,inet) ***.***.***.*** (Outside address) ***.***.***.*** (Inside address) netmask ***.***.***.*** 0 0

Would this allow only the specified address in the access list to access a telnet session?

Any help would be appreciated.

Thanks

1 REPLY
Cisco Employee

Re: Access-list restriction question

Not sure if I understand correctly, but let me rephrase your question.

You have a host behind the PIX, e.g. 10.1.1.1, and you want only one particular outside host, e.g. 52.1.1.1, to be able to telnet to this 10.1.1.1 device (NATed as 65.1.1.1). If my understanding is correct, then you need the following:

static (inside,outside) 65.1.1.1 10.1.1.1 netmask 255.255.255.255

access-list acl_out permit tcp host 52.1.1.1 host 65.1.1.1 eq 23

(and of course the access-group command)

In the above example,

- 65.1.1.1 is the NATed address visible to outside users for the 10.1.1.1 device

- 52.1.1.1 is the user outside the PIX you want to allow to telnet to device 10.1.1.1

Alternatively, I think you might be wanting to do the same as above, but NAT the 10.1.1.1 to the PIX outside interface address. If this is what you want, then you need to look into the following URL for port redirection.

http://www.cisco.com/warp/public/707/28.html#port

HTH

R/Yusuf
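An added example, not part of the original thread and not Cisco code: a small audit of PIX-style config text for the three things the reply relies on, namely a single-host source, a destination that is the translated address from a `static` line rather than the inside address, and an `access-group` binding. The sample config is constructed from the reply's addresses; the `access-group` line form and the function name `audit` are assumptions.

```python
import re

# Constructed sample: the two lines from the reply, one deliberately wrong
# entry, and an access-group line (assumed form; the reply only names it).
SAMPLE_CONFIG = """\
static (inside,outside) 65.1.1.1 10.1.1.1 netmask 255.255.255.255
access-list acl_out permit tcp host 52.1.1.1 host 65.1.1.1 eq 23
access-list acl_out permit tcp any host 10.1.1.1 eq telnet
access-group acl_out in interface outside
"""

ADDR = r"(any|host \S+|\S+ \S+)"  # any | host A.B.C.D | A.B.C.D mask
STATIC_RE = re.compile(r"^static \(\w+,\w+\) (\S+) (\S+)")
ACL_RE = re.compile(rf"^access-list (\S+) permit tcp {ADDR} {ADDR} eq (\S+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface \S+")


def audit(config):
    """Return (line, finding) pairs for telnet permits that look unsafe."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    translated = {}  # translated (outside-visible) address -> inside address
    bound = set()    # ACL names applied to an interface
    for ln in lines:
        if m := STATIC_RE.match(ln):
            translated[m.group(1)] = m.group(2)
        elif m := GROUP_RE.match(ln):
            bound.add(m.group(1))
    findings = []
    for ln in lines:
        m = ACL_RE.match(ln)
        if not m or m.group(4) not in ("23", "telnet"):
            continue
        name, src, dst = m.group(1), m.group(2), m.group(3)
        dst_ip = dst[5:] if dst.startswith("host ") else None
        if not src.startswith("host "):
            findings.append((ln, "source is not a single host"))
        if dst_ip in translated.values() and dst_ip not in translated:
            findings.append((ln, "destination is the inside address"))
        elif dst_ip not in translated:
            findings.append((ln, "destination has no static translation"))
        if name not in bound:
            findings.append((ln, "ACL not applied with access-group"))
    return findings


if __name__ == "__main__":
    for line, finding in audit(SAMPLE_CONFIG):
        print(f"{finding}: {line}")
```

Run against the constructed sample, only the `any host 10.1.1.1` entry is flagged; the reply's own rule passes.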
