Core issue

It is often necessary to allow outside devices access to an internal server or workstation.  It is possible to configure this access on the PIX Firewall using the PIX Device Manager (PDM).

Resolution

To allow access to an internal device through the PIX using PDM, you must address two separate issues.

The first issue involves creating a translation for the traffic. Because devices on the internal network typically use private addresses, you must create a public address on the PIX that points to the intended private address. This translation is a one-to-one IP address translation, which is also known as a static Network Address Translation (NAT). To address this issue, perform the following steps:

1. Select the Translation Rules tab.
2. Click Rules in the tools bar and select Add. Another window should open. The originator interface will remain the inside.
3. Insert the real IP address of the internal server.
4. Change the Radio Dial to Static instead of Dynamic.
5. Configure the global address under this field.

Next, you must create an access rule to permit traffic from the outside to reach the internal server. To address this issue, perform the following steps:

1. Select the Access Rules tab.
2. Select Rules in the tool bar and highlight Add. The source will be the outside interface.
3. Specify the IP address range you want to allow from the outside.
4. Specify the Destination as the interface on the PIX where the server is located, usually the inside or DMZ.
5. Fill out the appropriate IP information for the server.

You should be able to pass traffic between the desired outside device and the server on the internal network.