https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350819#M549204 <HTML><HEAD></HEAD><BODY><P>Dear Spaulose,</P><P></P><P>Let me brief my network setup</P><P></P><P>Local lan : 10.0.0.0/24</P><P>Mail server 10.0.0.2/24 (adsl outsdie global IP mapped in ADSL modem to give mail access)</P><P>Proxy server insdie NIC :10.0.0.1 /24</P><P>proxy server outsdieNIC :172.16.1.1/24</P><P>Pix inside : 172.16.1.2 /24</P><P>pix outsdie : 192.168.100.1/24</P><P>ADSL modem inside etho : 192.168.100.2/24</P><P>Adsl outsdie :Global Fixed IP (ISP)</P><P></P><P>In pix </P><P>route outside 0.0.0.0 0.0.0.0 192.168.100.2 1 </P><P>Adsl atm0 outside global IP is used by outside users to access to the internal mail &amp; terminal server 10.0.0.2 to give terminal server access for the outside untruseted network users.But I want to know how can I configure the PIX to map the local IP of mail server to the global IP of ADSL modem.</P><P>If I leave the adsl configure untouched and in pix nat (inside) 0 0 0 command used , then can the terminal server is accessable from outside.</P><P>I really confused with the port address mapping like stuffs.</P><P>Please help me </P><P></P><P>Regards</P><P>swamy</P></BODY></HTML> Wed, 20 Apr 2005 14:27:31 GMT arumugasamy 2005-04-20T14:27:31Z https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350812#M549177 <P>Dear All</P><P></P><P>I have to open a port for microsoft terminal server located inside the pix 515E to give outside users access. Which port should i open?</P><P></P><P>Pls provide me the configuration details if you have.</P><P></P><P>Thanks in Advance</P><P></P><P>swamy </P> Fri, 21 Feb 2020 08:05:16 GMT https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350812#M549177 arumugasamy 2020-02-21T08:05:16Z https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350813#M549187 <HTML><HEAD></HEAD><BODY><P>Hi Swamy,</P><P></P><P>Please try these commands..</P><P></P><P>static (inside,outside) tcp interface 3389 10.1.1.1 3389 netmask 255.255.255.255</P><P>access-list 100 permit tcp any host 200.1.1.1 eq 3389</P><P>access-group 100 in interface outside</P><P></P><P>The static command would use the inteface ip address of the outside interface to make the</P><P>translation and then send the information to the 10.1.1.1 host on the inside which would be the</P><P>server on the inside. The access list is permiting 'any' to connect to the ip address 200.1.1.1</P><P>which is an example of the ip address that the ISP is assigning to you.</P><P></P><P>Here is the document that you can relate to to see the explanation of what we are using here.</P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/707/28.html#port" target="_blank">http://www.cisco.com/warp/public/707/28.html#port</A></P><P></P><P></P><P>Saju</P></BODY></HTML> Sat, 16 Apr 2005 15:09:25 GMT https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350813#M549187 spaulose 2005-04-16T15:09:25Z https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350814#M549191 <HTML><HEAD></HEAD><BODY><P>Thanks Mr.Saju for your valid information.</P><P></P><P>Swamy</P></BODY></HTML> Sun, 17 Apr 2005 10:04:24 GMT https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350814#M549191 arumugasamy 2005-04-17T10:04:24Z https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350815#M549193 <HTML><HEAD></HEAD><BODY><P>Saju,</P><P>In cusromer setup, the adsl modem in the edge doing the pat. Isp assigned single static ip for the wan0 interface and ip address of that int doing the pating.</P><P>adsl etho and the server all are connected to the inside eth segment.</P><P></P><P>Now I have to connect the pix and do the rest of the config. is it ok not to move the pating from the adsl modem to the pix and puting only acl on the outside interface to allow the outside users to access termial server port.</P><P>access-list allow permit tcp any x.x.x.x eq 3389</P><P></P><P>pls give me your solution </P><P></P><P>thanks in advance</P><P>swamy</P></BODY></HTML> Sun, 17 Apr 2005 10:13:06 GMT https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350815#M549193 arumugasamy 2005-04-17T10:13:06Z https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350816#M549196 <HTML><HEAD></HEAD><BODY><P>Dear Saju,</P><P>In the customer network, adsl router wan int only doing the pating.</P><P></P><P>In your config,</P><P></P><P>static(inside,outside)tcp interface 3389 10.1.1.1 3389 netmask 255.255.255.255</P><P></P><P>Here the interface denote the outsdie interface but in actual setup pix outside i used one rfc1918 private ip range address.How can I do the pating by using adsl modem's wan0 ip address in the pix firewall. </P><P>There is no translation rule in the internal network sofar configured. </P><P></P><P>Pls could you help me</P><P></P><P>swamy </P></BODY></HTML> Sun, 17 Apr 2005 11:12:31 GMT https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350816#M549196 arumugasamy 2005-04-17T11:12:31Z https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350817#M549199 <HTML><HEAD></HEAD><BODY><P>If the ip addresses available is limited it does not harm to retain the pating on the adsl and use the firewall just for protection. </P><P>But remember there will be 2 NATing for packets from Inside to get to Internet. That is one on PIX and the other on ADSL.</P></BODY></HTML> Mon, 18 Apr 2005 01:57:41 GMT https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350817#M549199 spaulose 2005-04-18T01:57:41Z https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350818#M549201 <HTML><HEAD></HEAD><BODY><P>I am assuming here that your Inside network is 10.1.1.0 255.255.255.0 w.r.t PIX and outside network w.r.t PIX is 172.16.1.0 255.255.255.0.</P><P></P><P>In this case...I would use..</P><P></P><P>nat (inside) 1 0 0 </P><P>global (outside) 1 interface</P><P></P><P>I am not sure if this answers your question. If not then please clarify your question.</P></BODY></HTML> Mon, 18 Apr 2005 02:01:09 GMT https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350818#M549201 spaulose 2005-04-18T02:01:09Z https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350819#M549204 <HTML><HEAD></HEAD><BODY><P>Dear Spaulose,</P><P></P><P>Let me brief my network setup</P><P></P><P>Local lan : 10.0.0.0/24</P><P>Mail server 10.0.0.2/24 (adsl outsdie global IP mapped in ADSL modem to give mail access)</P><P>Proxy server insdie NIC :10.0.0.1 /24</P><P>proxy server outsdieNIC :172.16.1.1/24</P><P>Pix inside : 172.16.1.2 /24</P><P>pix outsdie : 192.168.100.1/24</P><P>ADSL modem inside etho : 192.168.100.2/24</P><P>Adsl outsdie :Global Fixed IP (ISP)</P><P></P><P>In pix </P><P>route outside 0.0.0.0 0.0.0.0 192.168.100.2 1 </P><P>Adsl atm0 outside global IP is used by outside users to access to the internal mail &amp; terminal server 10.0.0.2 to give terminal server access for the outside untruseted network users.But I want to know how can I configure the PIX to map the local IP of mail server to the global IP of ADSL modem.</P><P>If I leave the adsl configure untouched and in pix nat (inside) 0 0 0 command used , then can the terminal server is accessable from outside.</P><P>I really confused with the port address mapping like stuffs.</P><P>Please help me </P><P></P><P>Regards</P><P>swamy</P></BODY></HTML> Wed, 20 Apr 2005 14:27:31 GMT https://community.cisco.com/t5/network-security/terminal-server-acccess-thro-pix/m-p/350819#M549204 arumugasamy 2005-04-20T14:27:31Z