Re: connecting IP/port on the outside

wgranada1 · ‎02-26-2007

I'm pretty new to firewalls but I have a Pix-515E and I'm trying to have an inside machine telnet to a outside machine and port is there some place I can read to do this or can someone explain to me what I need to do? Thank you in advance

vitripat · ‎02-26-2007

If you want a inside how be able to telnet to a host on the outside of PIX, all you need are translation rules for outbound connectivity from inside to outside.

For eg., following commands creates translation rules for whole inside network going outside. The internal network will be PATted to outside interface IP:

nat (inside) 1 0 0

global (outside) 1 interface

Regards,

Vibhor.

wgranada1 · ‎02-26-2007

so if I wanted just one to one connection then I would need to do something like this?

nat(inside)100 205.248.197.130 255.255.255.255

global(outside) 100 interface

or do I need to put in the ip and port number of the machine I need to get to?

vitripat · ‎02-26-2007

You dont need to care about the IP address of the destination. Here is the reason why-

- If you are on the inside interface, this interface by default has the highest security-level of 100. If from this interface you need to connect to any other host which would definately be on a lower security interface, all you need are translation rules for outbound connectivity. In following commands-

nat(inside)100 205.248.197.130 255.255.255.255

global(outside) 100 interface

Above commands tell that 205.248.197.130 is a host on the inside network and will be translated to outside interface IP, when making outbound connections. Currently, as nat command specifies only a single host, no other host will be able to make outbound connections.

Let me know if this explains your concern.

Regards,

Vibhor.

wgranada1 · ‎02-26-2007

Thank you sir I think this makes sense I will try this tonight and see if I understand what you are saying. thank you in advance!!!!