Access to internal Servers

Hi there. Can you tell me what I need to do? I have a static IP map from an internal IP address to the outside IP address of my PIX 501 (is this permitted and will it work?).

Do I need to include an ACL in my config to permit the outside interface IP address that the internal server is mapped to? Do I need to change the IP mapping to another IP, or will the outside interface be OK? I thank you for your advice.

2 REPLIES

Re: Access to internal Servers

Hello James

Yeah, it is very much permitted and will work!!! You need to do the following:

1) Put a static from inside to outside. The outside IP should be any free public IP, which will be accessible through the ISP, and not the IP of the PIX.

e.g. static (inside,outside) 200.200.2.2 192.168.1.1 netmask 255.255.255.255

where 192.168.1.1 is your local IP address

2) Put an access-list to permit the desired ports from outside. By default all connections from outside to inside are blocked. You need to explicitly allow them by putting an access-list.

e.g. access-list outside permit tcp any host 200.200.2.2 eq 25

access-group outside in interface outside

Hope this helps.. all the best.. rate replies if found useful.

Raj

Re: Access to internal Servers

Providing there is only one public IP.

e.g.

static (inside,outside) tcp interface 80 <internal-server-ip> 80 netmask 255.255.255.255

access-list inbound permit tcp any interface outside eq 80

access-group inbound in interface outside

clear xlate

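An added example, not part of either reply: a small Python audit that reads PIX `static`, `access-list` and `access-group` lines like those in the thread and reports, for each static mapping, whether inbound traffic is still blocked, permitted on specific ports, or permitted on every port. The sample config is constructed from the thread's commands, the internal address 192.168.1.2 is an assumed value, and only `permit ... any` entries with numeric `eq` ports are handled.

```python
# Added example: audit a PIX config for inbound exposure of static mappings.
# SAMPLE is constructed from the thread's commands; 192.168.1.2 is an assumed
# internal address for the port-redirect static.
SAMPLE = """\
static (inside,outside) 200.200.2.2 192.168.1.1 netmask 255.255.255.255
static (inside,outside) tcp interface 80 192.168.1.2 80 netmask 255.255.255.255
access-list outside permit tcp any host 200.200.2.2 eq 25
access-group outside in interface outside
"""

def parse_statics(lines):
    for t in lines:
        if t[0] != "static":
            continue
        mapped_if = t[1].strip("()").split(",")[1]
        if t[2] in ("tcp", "udp"):   # port redirection: proto mapped mport real rport
            yield {"if": mapped_if, "proto": t[2], "mapped": t[3], "port": t[4], "real": t[5]}
        else:                        # one-to-one NAT: mapped real
            yield {"if": mapped_if, "proto": None, "mapped": t[2], "port": None, "real": t[3]}

def parse_acls(lines):
    acls = {}
    for t in lines:
        if len(t) >= 7 and t[0] == "access-list" and t[2] == "permit" and t[4] == "any":
            dest = "interface" if t[5] == "interface" else t[6]
            port = t[t.index("eq") + 1] if "eq" in t else "all"
            acls.setdefault(t[1], []).append((t[3], dest, port))
    return acls

def audit(config):
    lines = [l.split() for l in config.splitlines() if l.strip()]
    acls = parse_acls(lines)
    # ACL applied inbound on each interface: access-group NAME in interface IF
    bound = {t[4]: t[1] for t in lines if len(t) == 5 and t[0] == "access-group" and t[2] == "in"}
    report = []
    for s in parse_statics(lines):
        hits = [(proto, port) for proto, dest, port in acls.get(bound.get(s["if"]), [])
                if dest == s["mapped"]
                and (s["proto"] is None or proto in (s["proto"], "ip"))
                and (s["port"] is None or port in (s["port"], "all"))]
        if not hits:
            status = "blocked"       # static exists but nothing is permitted inbound
        elif any(port == "all" for _, port in hits):
            status = "broad"         # every port of the server is reachable from any source
        else:
            status = "ok"
        report.append((s["real"], s["mapped"], status, hits))
    return report
```

A `blocked` row is a static with no matching permit in the ACL bound to that interface; a `broad` row is a permit with no `eq` port, which exposes more of the server than the single service the thread discusses.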