Pix 515E - Static NAT Question

Mansoor Hafeez
Level 1

In my network, there is one server that is on an untrusted network. i have a firewall between that server and my network. I only want to allow that server to send data to a server on my network, and deny all other access.

is this option possible in the PIX firewall.

6 Replies

spremkumar
Level 9

The scenario mentioned in this link deals with a similar kind of access, in line with yours.

The only difference is that it is allowing/permitting the SMTP service alone.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094466.shtml

You might want to look at these altered config lines ...

access-list input permit ip host outsideserverip host yourpublicip

access-group input in interface outside

static (inside,outside) yourpublicip yourinsideserverip netmask 255.255.255.255

outsideserverip --- remote-end server IP

yourpublicip --- the outside interface IP configured on your outside interface

yourinsideserverip --- the original IP configured on your server's NIC, which is kept in the inside LAN behind the PIX

regds

Let me explain a little bit more. The untrusted server IP is 172.16.2.22 and it is supposed to access the trusted server 192.168.100.2 on a particular TCP port, 6789. But in the access-list I cannot define this particular IP to access the inside server on a specific TCP port.

The access-list above defines IP access, which will include all TCP ports.

I want the access-list to allow access on a specific TCP port. Is this possible with the PIX firewall?

Hi

As mentioned in the link attached in my post, you can define the access on a particular port as

access-list input permit tcp any host 209.164.3.5 eq 6789

I hope that should work out for you..

regds

Is it possible to replace the "any" with an IP address of the outside server?

Hi

It's very much possible to define a specific IP by prefixing the "host" keyword in front of that IP address..

access-list input permit tcp host youroutsideserverip host 209.164.3.5 eq 6789

regds

Thanks..

I tried this command before, but then it did not allow any sort of communication from the outside server to the internal server...
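Putting the thread's pieces together, here is one complete PIX 6.x configuration for the scenario described: the untrusted host 172.16.2.22 reaching the inside server 192.168.100.2 on TCP 6789 through a public address. This is an added example, not configuration from any post above or from Cisco's linked document. It uses the addresses and port from the thread; 209.164.3.5 (the public address in the replies) is assumed to be a spare public address routed to the PIX outside interface rather than the outside interface's own address, and the ACL name and interface names are the standard PIX ones.

```cisco
! Added example (not from the thread): PIX 6.x, one untrusted host -> one inside server, one TCP port.
! Assumes 209.164.3.5 is a spare public address routed to the PIX outside interface.

! 1. One-to-one static translation: inside 192.168.100.2 is reachable from outside as 209.164.3.5.
static (inside,outside) 209.164.3.5 192.168.100.2 netmask 255.255.255.255 0 0

! 2. Inbound ACL on the outside interface. On PIX 6.x/7.x the destination is the MAPPED
!    (public) address, not the real inside address, because the ACL is evaluated before
!    the static translation is applied.
access-list input permit tcp host 172.16.2.22 host 209.164.3.5 eq 6789
! Everything else arriving on the outside interface is dropped by the implicit deny
! at the end of the list, which covers the "deny all other access" requirement.

! 3. Apply the list inbound on the outside interface.
access-group input in interface outside

! 4. After adding or changing a static, drop existing translation entries so the new one is used.
clear xlate

! Verification
! show xlate             -> expect an entry: Global 209.164.3.5 Local 192.168.100.2
! show access-list input -> the hitcnt on the permit line should increase while the client connects
```

Two things worth checking when the host-specific line appears to allow nothing at all: the ACL's destination must be the mapped address (209.164.3.5), and the outside client must connect to that mapped address, not to 192.168.100.2 directly. The hit count from `show access-list` separates a rule that never matched from one that matched and was blocked elsewhere. If the only public address available is the outside interface address itself (the "yourpublicip" of the first reply), a one-to-one static cannot use it; PIX 6.2 and later offer port redirection instead, `static (inside,outside) tcp interface 6789 192.168.100.2 6789 netmask 255.255.255.255`, with the same ACL pointing at the interface address.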
