Need Help: Allow Outside Host Access Inside Network

sakdavin
Level 1

Hello,

I have a pix firewall which connects to core router. I also have one network(let say network 1) between the pix firewall and core router.

What I am trying to do is to allow some hosts in Network 1 to access my network 2(File Server) which stay behind the pix firewall. The diagram is as below:

Net.2(FileServer)....>Pix....>Net.1...>Core Router

Note: I have tried to config by following the doc in the below link but it still does not work.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

Thanks in advance.

Regards,

Sakdavin

3 Replies

sunilc
Level 1

Snippet of your config that does not work would help.

This should work though:

If 10.1.1.1 is the Server on the inside Net2, known to the outside world as 100.1.1.1,

and 200.1.1.1 is a client on the Outside Net1

static (inside,outside) 100.1.1.1 10.1.1.1

access-list 101 permit ip host 200.1.1.1 host 100.1.1.1

access-group 101 in interface outside

If this doesn't work, then make sure routing is good, there are no other nat statements that supersede the above statement, acl on inside allows return traffic etc.

Hi Sunilc,

Thanks for the reply.

I got another problem with outside vpn users. I have a Watchguard Firewall which stays in front of Cisco PIX. And now what I am trying to do is to allow my outside vpn user access to my internal file server.

Note: WatchGuard works as a vpn server. We want to allow vpn user pass through pix firewall. What port do I need to open on pix firewall?

Could you please take a look at my attached file. Any URL link, please kindly let me know.

Regards.

Sakdavin

From the PIX perspective it is just an IP packet coming in, since the WatchGuard is the VPN server and has decrypted the IPSec packet from the vpn user.

Now this packet is routed to the PIX and then must access the inside server.

All you have to do is to change the PIX Outside ACL to allow the decrypted packet access to Server. Assuming the WatchGuard is terminating remote VPN clients, and assigning a private ip to client, let's say from pool 11.1.1.x.

If 10.1.1.1 is the Server on the inside Net2, known to the outside world as 100.1.1.1,

and 11.1.1.x is the ipsec private address assigned to the remote VPN client 200.1.1.1

static (inside,outside) 100.1.1.1 10.1.1.1

access-list 101 permit ip 11.1.1.0 255.255.255.0 host 100.1.1.1

access-group 101 in interface outside

-Sunil.
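As an added illustration (not code from the thread), a small Python evaluator that mimics the PIX outside-interface ACL check plus the static translation from Sunil's replies. It shows why the first ACL (host 200.1.1.1) never matches the decrypted VPN packets, which reach the PIX with an 11.1.1.x source, while the pool-wide entry does; the function names and the packet samples are constructed here, the addresses are the thread's own.

```python
import ipaddress

# Config lines from the thread: the static translation and the two outside ACLs.
STATIC = "static (inside,outside) 100.1.1.1 10.1.1.1"
ACL_HOST_ONLY = ["access-list 101 permit ip host 200.1.1.1 host 100.1.1.1"]
ACL_VPN_POOL = ["access-list 101 permit ip 11.1.1.0 255.255.255.0 host 100.1.1.1"]


def parse_static(line):
    """Return (global_ip, local_ip) from a PIX 'static (inside,outside) G L' line."""
    parts = line.split()
    return parts[2], parts[3]


def _parse_addr(tokens):
    """Consume one ACL address spec ('host A', 'any', or 'A MASK'); return (network, rest)."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), tokens[2:]
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return net, tokens[2:]


def acl_permits(acl_lines, src, dst):
    """Evaluate an inbound packet (src -> dst as seen on the outside interface)
    top-down against the ACL; the PIX applies an implicit deny at the end."""
    for line in acl_lines:
        tokens = line.split()
        # access-list <id> <permit|deny> <proto> <src spec> <dst spec>
        action, rest = tokens[2], tokens[4:]
        src_net, rest = _parse_addr(rest)
        dst_net, _ = _parse_addr(rest)
        if ipaddress.ip_address(src) in src_net and ipaddress.ip_address(dst) in dst_net:
            return action == "permit"
    return False


def inside_target(acl_lines, src, dst):
    """Outside ACL check followed by the static un-translation: return the inside
    server address the packet reaches, or None when the PIX drops it."""
    global_ip, local_ip = parse_static(STATIC)
    if dst != global_ip or not acl_permits(acl_lines, src, dst):
        return None
    return local_ip


if __name__ == "__main__":
    # Decrypted VPN packet with a pool source: dropped by the host-only ACL, passed by the pool ACL.
    print(inside_target(ACL_HOST_ONLY, "11.1.1.7", "100.1.1.1"))  # None
    print(inside_target(ACL_VPN_POOL, "11.1.1.7", "100.1.1.1"))   # 10.1.1.1
```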