Cisco Support Community
Community Member

PIX and PAT NAT translation only for telnet and ftp sessions

Hello,

I want to translate telnet and/or FTP sessions to a public IP address. Other types of sessions like HTTP don't have to be translated because they are proxied by a proxy server (squid). Can somebody tell me how to configure this on a PIX?

Regards

Aad

5 REPLIES
Community Member

Re: PIX and PAT NAT translation only for telnet and ftp sessions

Outgoing Telnet & FTP or incoming Telnet & FTP ?

Community Member

Re: PIX and PAT NAT translation only for telnet and ftp sessions

It's outgoing telnet and ftp

Community Member

Re: PIX and PAT NAT translation only for telnet and ftp sessions

If your requirement is to allow internal users outbound FTP and Telnet, you only have to set up NAT and Global. If you want to limit your users to only those two services (and no other), you have to set up an access list that permits these services and denies the rest. Then apply the access list to your internal interface.

Let me know if it works.

Community Member

Re: PIX and PAT NAT translation only for telnet and ftp sessions

So after I configured NAT and global I create an access-list like:

access-list ftptelnet permit tcp any any neq ftp

access-list ftptelnet permit tcp any any neq ftp-data

access-list ftptelnet permit tcp any any neq telnet

and then use the

nat (inside) 0 access-list ftptelnet

And I won't know whether it works for a few weeks, because that's when the PIX will be delivered. But I'll definitely keep you posted.

Community Member

Re: PIX and PAT NAT translation only for telnet and ftp sessions

Aad,

Almost. Let's assume you are using network 10.1.1.0/24 as your internal network. You need to set up the following commands:

nat (inside) 1 10.1.1.0 255.255.255.0

global (outside) 1 -outside ip addresses-

access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq ftp

access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq telnet

access-group ftptelnet in interface inside

This will allow internal users to access the internet with telnet and ftp protocols. You don't have to add an entry for ftp-data. If 'fixup protocol ftp 21' is set, the PIX will take care of that.

I hope this helps.
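To compare the two access lists posted in this thread, the following is an added example (not part of any reply, and not Cisco code) that evaluates each list with first-match semantics and the implicit deny at the end. The hosts 10.1.1.25 and 192.0.2.10 and the port sample are constructed; only TCP entries with `eq`/`neq` are modelled, not NAT or the FTP fixup.

```python
import ipaddress

PORTS = {"ftp-data": 20, "ftp": 21, "telnet": 23}  # port keywords used in the thread

def parse_ace(line):
    """Parse 'access-list NAME permit|deny tcp SRC DST [eq|neq PORT]' (subset only)."""
    tok = line.split()[2:]                      # drop 'access-list NAME'
    action, rest = tok[0], tok[2:]              # tok[1] is the protocol (tcp only here)
    def take_addr(t):
        if t[0] == "any":
            return ipaddress.ip_network("0.0.0.0/0"), t[1:]
        return ipaddress.ip_network(f"{t[0]}/{t[1]}"), t[2:]   # address + netmask
    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    op, port = (rest[0], PORTS.get(rest[1]) or int(rest[1])) if rest else (None, None)
    return action, src, dst, op, port

def evaluate(acl, src_ip, dst_ip, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        action, src, dst, op, port = parse_ace(line)
        if ipaddress.ip_address(src_ip) not in src:
            continue
        if ipaddress.ip_address(dst_ip) not in dst:
            continue
        if op is None or (op == "eq" and dport == port) or (op == "neq" and dport != port):
            return action
    return "deny"

FIRST_ATTEMPT = [   # the neq-based list from the thread
    "access-list ftptelnet permit tcp any any neq ftp",
    "access-list ftptelnet permit tcp any any neq ftp-data",
    "access-list ftptelnet permit tcp any any neq telnet",
]
CORRECTED = [       # the eq-based list from the final reply
    "access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq ftp",
    "access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq telnet",
]

def permitted_ports(acl, src_ip="10.1.1.25", dst_ip="192.0.2.10",
                    ports=(20, 21, 23, 25, 80, 443)):
    """Return the sample destination ports that the ACL permits (constructed flows)."""
    return [p for p in ports if evaluate(acl, src_ip, dst_ip, p) == "permit"]

if __name__ == "__main__":
    print("neq list matches:", permitted_ports(FIRST_ATTEMPT))
    print("eq list matches: ", permitted_ports(CORRECTED))
```

The `neq` list matches every sampled port because any port that fails one `neq` test passes the next, while the `eq` list matches only 21 and 23 from the inside network.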
