02-17-2011 12:25 PM - edited 03-11-2019 12:52 PM
Hello, utter novice here with a very old Sun server behind a Pix 501 (v6.3) running PDM v3.0.
I need to access the server files from a remote location but I am overwhelmed trying to learn how everything works.
It seems that I need to simply either create some new rules or configure the "Easy VPN Remote" section of the PDM.
Can anyone please walk me through the PDM so that I can either use remote desktop or FTP from anywhere? Whichever is simpler to explain is fine.
Thank you very much.
02-17-2011 12:33 PM
Hi,
To access the inside server remotely you can either use a VPN tunnel or simply use a NAT rule to redirect traffic to it.
If you have a public IP on the outside interface of the PIX, you can simply create a Static PAT rule to redirect 3389 to the server and permit it with an ACL.
It's been years since I last touched PDM, but I can show you the commands.
Federico.
02-17-2011 02:56 PM
Thank you very much Federico. I think I see all of the IPs I need in the PDM. I have not yet figured out how to edit the config file within the PDM - I can view it though.
If I learn how to do that, I'll try your code if you wouldn't mind. Tell me though, if it matters where in the config file I insert it.
02-18-2011 08:49 AM
Using this as a guide (https://supportforums.cisco.com/docs/DOC-1972), I came up with the commands below:
static(inside,outside)
access-list 101 permit tcp any host
access-list 101 permit udp any host
(Note: I do not have an ASA and I assume I want 5900 because I'm trying to get TightVNC to work and that's the default port for it.)
Would this work as I hope? If so, does it matter where it goes in the config file? And if this is correct, or after someone tweaks it a little, is there anything else at all that I need to do to be able to VNC (or FTP) in from off-site to my and other computers on the local network?
Thanks again.
02-18-2011 11:03 AM
static(inside,outside)
access-list 101 permit tcp any host
access-list 101 permit udp any host
The above config is correct.
If you're going to use for
static(inside,outside) tcp
static(inside,outside) udp
You also need to add:
access-group 101 in interface outside
Hope it helps.
Federico.
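The three pieces discussed in this thread (a static PAT entry, an access-list permit for the same address and port, and an access-group binding on the outside interface) can be checked against a saved config. The script below is an added example, not code from the thread or from Cisco. It assumes PIX 6.3 syntax with numeric ports; the `audit` function, the finding labels and every address in the sample are constructed placeholders.

```python
import re

# Constructed sample config in PIX 6.3 syntax; all addresses are placeholders
# (documentation ranges and 192.168.1.0/24), not values from the thread.
SAMPLE_CONFIG = """\
access-list 101 permit tcp any host 203.0.113.10 eq 5900
access-list 101 permit tcp host 198.51.100.7 host 203.0.113.10 eq 21
static (inside,outside) tcp 203.0.113.10 5900 192.168.1.10 5900 netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 21 192.168.1.10 21 netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 3389 192.168.1.20 3389 netmask 255.255.255.255 0 0
access-group 101 in interface outside
"""

STATIC_RE = re.compile(r"^static\s*\(inside,outside\)\s+(tcp|udp)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)")
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+(any|host\s+\S+)\s+host\s+(\S+)\s+eq\s+(\d+)")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+outside")

def audit(config):
    """Return (global_ip, port, proto, finding) for each static PAT entry."""
    statics, acls, bound = [], [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append((m[2], int(m[3]), m[1]))
        elif m := ACL_RE.match(line):
            acls.append((m[1], m[2], m[3], m[4], int(m[5])))
        elif m := GROUP_RE.match(line):
            bound.add(m[1])  # ACL names applied inbound on the outside interface
    findings = []
    for gip, port, proto in statics:
        hits = [a for a in acls if a[1] == proto and a[3] == gip and a[4] == port]
        live = [a for a in hits if a[0] in bound]
        if not hits:
            finding = "no-acl-permit"   # translation exists, nothing permits it
        elif not live:
            finding = "acl-not-bound"   # permit exists, access-group is missing
        elif any(a[2] == "any" for a in live):
            finding = "open-to-any"     # reachable from every source address
        else:
            finding = "restricted"      # permit limited to named source hosts
        findings.append((gip, port, proto, finding))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(*f)
```

An "open-to-any" result marks a forwarded port whose permit uses `any` as the source; replacing `any` with `host` and the remote site's address limits who can reach the service.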