PIX 515E Access List Issues

david.szabo
Level 1

Hey gents,

I know this has been asked many, many times; I just wanted to verify the below config should work before I set it on our prod FW.

I am trying to allow SSH (TCP) access to an internal IP (10.0.0.170) via a spare public IP (203.0.89.89). Here's what I could come up with:

access-list outside_access_in extended permit tcp any host 192.168.1.5 eq ssh

static (inside,outside) 10.0.0.170 203.0.89.89 netmask 255.255.255.255

access-group outside_access_in in interface outside

static (inside,outside) TCP 10.0.0.170 2022 203.0.89.89 22 **

**Do I need to set port redirection at all, seeing as though I am accessing it through a spare public IP? Or am I completely on the wrong track?

Would be thankful for any advice, much appreciated.

2 Replies

varrao
Level 10

Hi David,

Here's all you need for accessing SSH from outside:

access-list outside_access_in extended permit tcp any host 203.0.89.89 eq ssh

access-group outside_access_in in interface outside

static (inside,outside) tcp 203.0.89.89 22 10.0.0.170 22

What this static command would do is port redirection: a request coming in on the public IP on port 22 would be forwarded to your private IP on port 22. Port redirection should be fine, as it would save you the public IP; you can use the same public IP for another host on another port.

Let me know if you have any questions.

Thanks,

Varun

Thanks,
Varun Rao
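
A consistency check for the configuration discussed in this thread, as an added example that is not part of either post: it flags an inbound `permit` whose destination is not the public address and port of any `static` translation, or whose access list is not bound with `access-group`. The parser, the function names and the rule that the first address in `static` is the public one (the order used in the answer's command) are assumptions of this example, and it handles only the command forms shown on this page.

```python
import re

# Constructed sample inputs: first three lines from the question, and the answer's config.
QUESTION_CFG = """\
access-list outside_access_in extended permit tcp any host 192.168.1.5 eq ssh
static (inside,outside) 10.0.0.170 203.0.89.89 netmask 255.255.255.255
access-group outside_access_in in interface outside
"""
ANSWER_CFG = """\
access-list outside_access_in extended permit tcp any host 203.0.89.89 eq ssh
access-group outside_access_in in interface outside
static (inside,outside) tcp 203.0.89.89 22 10.0.0.170 22
"""

PORT_NAMES = {"ssh": 22}  # only the port keyword used on this page

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+tcp\s+any"
                    r"\s+host\s+(\S+)\s+eq\s+(\S+)", re.I)
# Port redirection, in the answer's order: public ip, public port, private ip, private port.
PAT_RE = re.compile(r"^static\s+\(\w+,\w+\)\s+tcp\s+(\S+)\s+(\S+)\s+\S+\s+\S+", re.I)
# One-to-one form: the first address is assumed to be the public one.
NAT_RE = re.compile(r"^static\s+\(\w+,\w+\)\s+(\d\S+)\s+\d\S+", re.I)
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+\S+", re.I)

def port(tok):
    return PORT_NAMES.get(tok.lower()) or int(tok)

def lint(cfg):
    """Return findings for inbound permits that no static translation serves."""
    acls, exposed, bound = [], [], set()
    for line in map(str.strip, cfg.splitlines()):
        if m := ACL_RE.match(line):
            acls.append((m[1], m[2], port(m[3])))
        elif m := PAT_RE.match(line):
            exposed.append((m[1], port(m[2])))
        elif m := NAT_RE.match(line):
            exposed.append((m[1], None))  # None: every port on that address
        elif m := GROUP_RE.match(line):
            bound.add(m[1])
    findings = []
    for name, dst, dport in acls:
        if name not in bound:
            findings.append(f"{name}: not applied to any interface")
        if not any(ip == dst and p in (None, dport) for ip, p in exposed):
            findings.append(f"{name}: permit to {dst}:{dport} matches no static mapping")
    return findings

if __name__ == "__main__":
    for label, cfg in (("question", QUESTION_CFG), ("answer", ANSWER_CFG)):
        print(label, lint(cfg) or "consistent")
```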