06-16-2006 03:21 PM - edited 02-21-2020 12:58 AM
We have a set of servers installed in our lab as they will be in the field with the firewall between them and our in-house network. We want to temporarily allow users on our in-house network (connected to the outside interface) to have telnet access to the servers on the inside interface. Whenever I try to do this using the SDM (v3) it takes the access rule, but when I display it after it's applied, it has applied the rule between the outside and DMZ interfaces. What am I doing wrong?
06-17-2006 08:31 PM
If I understand you correctly, you have a PIX with 3 interfaces and you want to allow access from the outside one to some servers on the inside one - correct? Are you using NAT? Can you post the config?
06-19-2006 07:26 PM
Yes, there are three interfaces: outside, inside, dmz.
I was able to correct it over the weekend. The problem seems to be that I tried to take a simple step first and use the wildcard 0.0.0.0 0.0.0.0 for the Inside network. Whenever I used this it would take it, but then when I examined it after applying, it always applied it to the DMZ interface.
When I applied the rule only to the network I wanted on the Inside - 192.168.249.0 /24, it worked as expected.
Must be an undocumented feature.
Thanks for your help.
06-17-2006 10:40 PM
Hi ..
to allow access from outside to inside you need to perform 2 steps.
1.- Configure a static NAT .. in your case it will be something like this.
static (inside,outside) Public_IP Private_IP netmask 255.255.255.255
where inside is the name of the interface where your servers are located.
outside is the name of the interface connected to your in-house network
Public_IP is the ip address that the in-house network will connect to reach your internal servers (Private_IP).
2.- You need to allow access on the access-list applied to the outside interface. Something like this.
access-list Outside_Access_In permit tcp any host Public_IP eq 23
access-group Outside_Access_In in interface outside
I hope it helps .. please rate if it does !!!
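The two steps from the reply above, written out as one PIX 6.x-style fragment; this is an added illustration, not configuration from the original thread. The public address 203.0.113.10, the server address 192.168.249.10 (inside the 192.168.249.0/24 network named earlier in the thread) and the in-house source range 10.10.0.0/16 are placeholders; the source is restricted to that range instead of `any` so that only the in-house network can reach the telnet port through the firewall.

```text
access-list Outside_Access_In remark Step 1 below: static NAT maps Public_IP (203.0.113.10) to the lab server 192.168.249.10 on the inside interface
static (inside,outside) 203.0.113.10 192.168.249.10 netmask 255.255.255.255

access-list Outside_Access_In remark Step 2: permit telnet (tcp/23) from the in-house network only, to the translated address
access-list Outside_Access_In permit tcp 10.10.0.0 255.255.0.0 host 203.0.113.10 eq 23
access-list Outside_Access_In remark everything else from outside is dropped by the implicit deny at the end of the list

access-group Outside_Access_In in interface outside
```

After applying, `show access-list Outside_Access_In` lists the entries with their hit counts, which confirms the rule landed on the outside interface and is matching the telnet sessions rather than having been placed between outside and DMZ as the SDM did with the wildcard rule.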
06-19-2006 07:35 PM
Thanks for the help. I was able to resolve the issue over the weekend. (see post above).
I do have another problem. Connected directly to the inside port via crossed cable is the inside router. Since there is no switch or hub, I have no port to connect a PC to configure the firewall. Is there a way to set the firewall to allow configuration from a network (192.168.249.0) on the inside port other than the network the inside port is directly connected to (192.168.1.0)?