Cisco Support Community
Community Member

Temp access to Inside servers thru PIX 515

We have a set of servers installed in our lab as they will be in the field with the firewall between them and our in-house network. We want to temporarily allow users on our in-house network (connected to the outside interface) to have telnet access to the servers on the inside interface. Whenever I try to do this using the SDM (v3) it takes the access rule, but when I display it after it's applied, it has applied the rule between the outside and DMZ interfaces. What am I doing wrong?

4 REPLIES
Community Member

Re: Temp access to Inside servers thru PIX 515

If I understand you correctly, you have a PIX with 3 interfaces and you want to allow access from the outside one to some servers on the inside one - correct? Are you using NAT? Can you post the config?

Community Member

Re: Temp access to Inside servers thru PIX 515

Yes, there are three interfaces: outside, inside, dmz.

I was able to correct it over the weekend. The problem seems to be that I tried to take a simple step first and use the wild card 0.0.0.0 0.0.0.0 for the Inside network. Whenever I used this it would take it, but then when I examined it after applying, it had always applied it to the DMZ interface.

When I applied the rule only to the network I wanted on the Inside - 192.168.249.0 /24, it worked as expected.

Must be an undocumented feature.

Thanks for your help.

Re: Temp access to Inside servers thru PIX 515

Hi ..

to allow access from outside to inside you need to perform 2 steps.

1.- Configure a static NAT .. in your case it will be something like this.

static (inside,outside) Public_IP Private_IP netmask 255.255.255.255

where inside is the name of the interface where your servers are located.

outside is the name of the interface connected to your in-house network

Public_IP is the ip address that the in-house network will connect to reach your internal servers (Private_IP).

2.- You need to allow access on the access-list applied to the outside interface. Something like this.

access-list Outside_Access_In permit tcp any host Public_IP eq 23

access-group Outside_Access_In in interface outside

I hope it helps .. please rate if it does !!!
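Added example (not part of the original thread or any poster's code): a small Python check that reads PIX config lines of the shape shown in the reply above and lists every telnet permit on a bound ACL, the inside host its static exposes, and whether the source is `any` rather than a specific network. The addresses in the sample are constructed placeholders, and the parser only handles the line forms used in this thread.

```python
import re

# Constructed sample in the shape of the reply's two steps. All addresses are
# placeholders: 10.1.1.x stands in for Public_IP, 192.168.249.x for Private_IP.
SAMPLE_CONFIG = """\
static (inside,outside) 10.1.1.10 192.168.249.10 netmask 255.255.255.255
static (inside,outside) 10.1.1.11 192.168.249.11 netmask 255.255.255.255
access-list Outside_Access_In permit tcp any host 10.1.1.10 eq 23
access-list Outside_Access_In permit tcp 10.1.1.0 255.255.255.0 host 10.1.1.11 eq telnet
access-group Outside_Access_In in interface outside
"""

ADDR = r"(any|host \S+|\S+ \S+)"  # any | host <ip> | <network> <mask>
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask \S+$")
ACE_RE = re.compile(rf"^access-list (\S+) permit tcp {ADDR} {ADDR} eq (\S+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")
TELNET = {"23", "telnet"}


def audit_telnet_exposure(config):
    """List telnet permits on bound ACLs and the inside host each one reaches."""
    statics, aces, bound = {}, [], {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, mapped_ip, real_ip = m.groups()
            statics[(mapped_if, mapped_ip)] = real_ip
        elif m := ACE_RE.match(line):
            aces.append(m.groups())
        elif m := GROUP_RE.match(line):
            bound[m.group(1)] = m.group(2)
    findings = []
    for acl, src, dst, port in aces:
        # An ACL filters nothing until access-group binds it to an interface.
        if acl not in bound or port not in TELNET:
            continue
        dst_ip = dst.split()[1] if dst.startswith("host ") else None
        findings.append({
            "acl": acl, "interface": bound[acl], "source": src,
            "public_ip": dst_ip,
            "private_ip": statics.get((bound[acl], dst_ip)),
            "any_source": src == "any",  # not limited to the in-house network
        })
    return findings


if __name__ == "__main__":
    for finding in audit_telnet_exposure(SAMPLE_CONFIG):
        print(finding)
```

Running it against a saved copy of the configuration before and after the temporary access window shows which telnet permits and statics are still in place.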

Community Member

Re: Temp access to Inside servers thru PIX 515

Thanks for the help. I was able to resolve the issue over the weekend. (see post above).

I do have another problem. Connected directly to the inside port via crossed cable is the inside router. Since there is no switch or hub, I have no port to connect a PC to configure the firewall. Is there a way to set the firewall to allow configuration from a network (192.168.249.0) on the inside port other than the network the inside port is directly connected to (192.168.1.0)?
