Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
jeffland_98
jeffland_98
Community Member
‎06-16-2006 03:21 PM
‎06-16-2006 03:21 PM

Temp access to Inside servers thru PIX 515

We have a set of servers installed in our lab as they will be in the field with the firewall between them and our in-house network. We want to temporarily allow users on our in-house network (connected to the outside interface) to have telnet access to the servers on the inside interface. Whenever I try to do this using the SDM (v3) it takes the access rule but when I display it after its applied, it has applied the rule between the outside and DMZ interfaces. What am I doing wrong?

0 Helpful
Reply
4 REPLIES
ph0enix
ph0enix
Community Member
‎06-17-2006 08:31 PM
‎06-17-2006 08:31 PM

Re: Temp access to Inside servers thru PIX 515

If I understand you correctly, you have a PIX with 3 interfaces and you want to allow access from the outside one to some servers on the inside one - correct? Are you usinng NAT? Can you post the config?

0 Helpful
Reply
jeffland_98
jeffland_98
Community Member
‎06-19-2006 07:26 PM
‎06-19-2006 07:26 PM

Re: Temp access to Inside servers thru PIX 515

Yes, there are three interfaces: outside, inside, dmz.

I was able to correct it over the weekend. The problem seems to be a tried to take a simple step first and use the wild card 0.0.0.0 0.0.0.0 for the Inside network. Whenever I used this it would take it but then when I examine it after applying, it always applied it to the DMZ interface.

When I applied the rule only to the network I wanted on the Inside - 192.168.249.0 /24, it worked as expected.

Must be an undocumented feature.

Thanks for your help.

0 Helpful
Reply
Fernando_Meza
Fernando_Meza Gold
Gold
‎06-17-2006 10:40 PM
‎06-17-2006 10:40 PM

Re: Temp access to Inside servers thru PIX 515

Hi ..

to allow access from outside to inside you need to perform 2 steps.

1.- Configure a static nat .. in your case it will be somehting like this.

static (inside,outside) Public_IP Private_IP netmask 255.255.255.255

where inside is the name of the interface where your servers are located.

outside is the name of the interface connected to your in-house network

Public_IP is the ip address that the in-house network will connect to reach your internal servers (Private_IP).

2.- You need to allow access on the access-list applied to the outside interface. SOmething like this.

access-list Outside_Access_In permit tcp any host Public_IP eq 23

access-group Outside_Access_In in interface outside

I hope it helps .. please rate if it it does !!!

0 Helpful
Reply
jeffland_98
jeffland_98
Community Member
‎06-19-2006 07:35 PM
‎06-19-2006 07:35 PM

Re: Temp access to Inside servers thru PIX 515

Thanks for the help. I was able to resolve the issue over the weekend. (see post above).

I do have another problem. Connected directly to the inside port via crossed cable is the inside router. Since there is no switch or hub, I have no port to connect a PC to configure the firewall. Is there a way to set the firewall to allow configuration from a network (192.168.249.0) on the inside port other than the network the inside port is directly connected (192.168.1.0)?

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
140
Views
0
Helpful
4
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
70
36
70
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
20
2
20
All Blogs