PIX and PAT NAT translation only for telnet and ftp sessions

aboelhouwers · ‎02-06-2002

Hello,

I want to translate telnet and/or FTP sessions to a public ip adress. Other types of sessions like HTTP don't have to be transalated because they a proxied by a proxy server (squid). Can somebody tell me how to configure this on a PIX.

Regards

Aad

bdube · ‎02-06-2002

Outgoing Telnet & FTP or incoming Telnet & FTP ?

aboelhouwers · ‎02-07-2002

It's outgoing telnet and ftp

rrbleeker · ‎02-07-2002

If your requirement is to allow internal users to allow outbound FTP and Telnet, you only have to setup NAT and Global. If you want to limit your users for only those two services (and no other), you have to setup an access-list that permits these services and deny the rest. Then apply the access list to your internal interface.

Laat me effies weten of het werkt.

aboelhouwers · ‎02-07-2002

So after I configured NAT and global I create an access-list like:

access-list ftptelnet permit tcp any any neq ftp

access-list ftptelnet permit tcp any any neq ftp-data

access-list ftptelnet permit tcp any any neq telnet

and then use the

nat (inside) 0 access-list ftptelnet

Enne of ut werkt weet ik pas over een aantal weken omdat dan de PIX geleverd wordt. Maar ik hou je zeker op de hoogte.

rrbleeker · ‎02-07-2002

Aad,

Almost.Lets assume you are using network 10.1.1.0/24 as your internal network. You need to setup the following commands:

nat(inside) 1 10.1.1.0 255.255.255.0

global (outside) 1 -outside ip addresses-

access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq ftp

access-list ftptelnet permit tcp 10.1.1.0 255.255.255.0 any eq telnet

access-group ftptelnet in interface inside

This will allow internal users to access the internet with telnet and ftp protcols. You don't have to add an entry for ftp-data. If 'fixup protocol ftp 21' is set, the PIX will take care of that.

I hoop dat dit helpt.