pix 7.1 outside to inside access

sivakondalarao · ‎10-14-2006

Hi,

I need configuration help for PIX 525 with PIX OS 7.1

My scenario is like this:

Firewall inside network 192.168.1.0 /24

Firewall inside interface IP 192.168.1.1

Firewall outside network 192.168.2.0/24

Firewall outside interface IP 192.168.2.1

I have to permit hosts 192.168.2.11 to 20 to access anything in the inside network.

Can somebody help in configuring this.

Regards

skrao

zulqurnain · ‎10-14-2006

hi sivakondalarao,

try posting your config to better understand you setup, rest you can try this for the desired results

create an access-list and apply it to your outside interface

"access-list acl_out permit tcp any host 192.168.2.11"

apply to interface

"access-group acl_out in interface outside"

create a static for outside ip to commnicate with inside host

"static (inside,outside) tcp 192.168.2.11 192.168.1.x netmask 255.255.255.255"

also create an access-list and apply it to our inside interface

"access-list acl_inside permit ip any any"

apply to interface

"access-group acl_inside in interface inside"

hope this helps

Fernando_Meza · ‎10-14-2006

Hi can can:

1.- Create a static translation for all the internal hosts

static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

2.- Create an access-list for the outside network to initiate traffic to the inside hosts

access-list Outside_In extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

access-group Outside_In in interface Outside

3.- make sure your access-list applied to the Internal interface allow outbound traffic i.e

access-list Inside_Out extended permit ip 192.168.1.0 255.255.255.0 any

access-group Inside_Out in interface Inside

I hope it helps ... please rate it if it does