Velocity Reviews - Computer Hardware Reviews

PIX: how to allow 1 host from outside interface to access another host on the inside interface?

 
 
jonnah
      04-21-2004
Hello,

We need to allow a host on the outside interface (using a public IP) to access
(access meaning to reach via ICMP, TCP, whatever) a host on the
internal network (using a private IP) connected to the private interface.

We read that normally outside hosts cannot initiate connections to the
inside interface, but we need to do that for software updates.

Thanks
 
mcaissie
      04-21-2004

"jonnah" wrote in message:
> Hello,
>
> We need to allow a host on the outside interface (using a public IP) to access
> (access meaning to reach via ICMP, TCP, whatever) a host on the
> internal network (using a private IP) connected to the private interface.
>
> We read that normally outside hosts cannot initiate connections to the
> inside interface, but we need to do that for software updates.
>
> Thanks


- First you need to translate your private IP to a public IP:

static (inside,outside) [public IP] [private IP] netmask 255.255.255.255 0 0

- Then you need to create an access-list allowing whatever you want:

access-list acl_out permit ip host [external host] host [public IP of your internal server]
access-list acl_out permit icmp host [external host] host [public IP of your internal server]

or, to be more granular:

access-list acl_out permit tcp host [external host] host [public IP of your internal server] eq [tcp port]
access-list acl_out permit udp host [external host] host [public IP of your internal server] eq [udp port]
access-list acl_out permit icmp host [external host] host [public IP of your internal server]

- Then you need to apply this access-list to your outside interface:

access-group acl_out in interface outside
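
An added example, not part of the original thread: a Python check that reads a PIX config built from the three steps above and flags inbound permit entries that expose a statically published host more broadly than the granular form does. The addresses are constructed documentation ranges, the names `audit` and `covers` are hypothetical, and the parser assumes only the ACL forms shown in the reply plus `any` and network/mask addresses.

```python
import ipaddress
import re

# Constructed sample config (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.5 192.168.1.10 netmask 255.255.255.255 0 0
access-list acl_out permit ip host 198.51.100.10 host 203.0.113.5
access-list acl_out permit tcp host 198.51.100.10 host 203.0.113.5 eq 8443
access-list acl_out permit tcp any host 203.0.113.5 eq 8443
access-list acl_out permit icmp host 198.51.100.10 host 203.0.113.5
access-group acl_out in interface outside
"""

STATIC_RE = re.compile(r"^static \(inside,outside\) (\S+) (\S+)", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside", re.M)
ADDR = r"(any|host \S+|\d\S+ \d\S+)"  # any | host A.B.C.D | network mask
ACE_RE = re.compile(rf"^access-list (\S+) permit (\S+) {ADDR} {ADDR}(?: eq (\S+))?\s*$", re.M)

def covers(dst, ip):
    """True if an ACL destination field matches the given public IP."""
    if dst == "any":
        return True
    if dst.startswith("host "):
        return dst[5:] == ip
    net, mask = dst.split()
    return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{net}/{mask}", strict=False)

def audit(config):
    """Return (line, reasons) for permit entries broader than the granular form."""
    published = dict(STATIC_RE.findall(config))   # public IP -> private IP
    outside_acls = set(GROUP_RE.findall(config))  # ACLs applied inbound on outside
    findings = []
    for m in ACE_RE.finditer(config):
        acl, proto, src, dst, port = m.groups()
        if acl not in outside_acls or not any(covers(dst, ip) for ip in published):
            continue  # not bound to outside, or no published inside host is reachable
        reasons = []
        if proto == "ip":
            reasons.append("all IP protocols and ports permitted")
        if not src.startswith("host "):
            reasons.append("source is not a single host")
        if proto in ("tcp", "udp") and port is None:
            reasons.append("no destination port restriction")
        if reasons:
            findings.append((m.group(0).strip(), reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in audit(SAMPLE_CONFIG):
        print(f"{line}\n    -> {'; '.join(reasons)}")
```

On the sample, the `permit ip` entry and the `permit tcp any` entry are reported; the host-to-host TCP entry with a port and the ICMP entry are not.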


 