topic Secure path access in Network Security

Secure path access

ronald.ramzy — Mon, 11 Mar 2019 15:38:06 GMT

Hi,

I have users behind the firewall and need to access telnet session to the xtrader.prudential.com port 10200.

we have DHCP so user IP changes and cannot configure user on static IP, what is the secure way to allow this on Cisco ASA 5510

LAN IP segment is 192.168.20.0/24

jj27 — Mon, 01 Jun 2009 12:46:26 GMT

I'm assuming you are talking about local users accessing the telnet session outbound through the firewall.

You'll need the IP of the host you provided, which from my ping DNS resolves it to 12.34.101.191.

Whatever your access-list name is for inside-to-outbound traffic, in this example we'll use the name inside_out, the rule would look like this:

access-list inside_out extended permit tcp 192.168.20.0 255.255.255.0 host 12.34.101.191 eq 10200

ronald.ramzy — Mon, 01 Jun 2009 13:03:19 GMT

thank you.

Can you help to configure

() How could I allow ssh from inside to outside only. Block SSH from outside to inside

() Block internet browsing from inside to outside ( inside lan 192.168.20.0/24 )

() resolve DNS queries for Windows DNS Server ( windows DNS Server = 192.168.1.100 )

We have SSH attack on natted IP for proxy-server, how to resolve it