Opening an outboung Port on Pix

Discussion in 'Cisco' started by smokey7244521, Nov 22, 2006.

  1. smokey7244521

    smokey7244521

    Joined:
    Nov 22, 2006
    Messages:
    1
    I have a Pix 515 configured with no outside internet access, the main thing that Pix is used for is vpn between 2 remote branch offices.
    *I need to open outbound traffic on workstation 10.10.200.201 to use telnet to public ip XX.XX.XX.XX. Any help would be appreciated. Thanks in advance. Here is a copy of my config

    Building configuration...
    : Saved
    :
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto shutdown
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 intf2 security4
    enable password ************** encrypted
    passwd ******** encrypted
    hostname ABCD
    domain-name ABC
    clock timezone CST -6
    clock summer-time CDT recurring
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 10.12.0.0 remte1
    name 10.10.70.41 Syslog
    access-list outside_cryptomap_20 permit ip 10.10.0.0 255.255.0.0 10.11.0.0 255.255.0.0
    access-list inside_nat0_outbound permit ip 10.10.0.0 255.255.0.0 10.11.0.0 255.255.0.0
    access-list inside_nat0_outbound permit ip 10.10.0.0 255.255.0.0 SIBZ 255.255.0.0
    access-list outside_cryptomap_40 permit ip 10.10.0.0 255.255.0.0 SIBZ 255.255.0.0
    access-list 101 permit tcp host 10.10.200.201 host x.x.x.x eq telnet
    pager lines 24
    logging on
    logging timestamp
    logging trap warnings
    logging host inside Syslog
    icmp deny any outside
    mtu outside 1500
    mtu inside 1500
    mtu intf2 1500
    ip address outside x.x.x.x x.x.x.x
    ip address inside 10.10.17.77 255.255.0.0
    no ip address intf2
    ip verify reverse-path interface outside
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 10.0.0.0 255.0.0.0 inside
    pdm location 10.11.0.0 255.255.0.0 outside
    pdm logging warnings 100
    pdm history enable
    arp timeout 14400
    nat (inside) 0 access-list inside_nat0_outbound
    route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 10.10.0.0 255.255.0.0 inside
    http 10.11.0.0 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto map outside_map 20 ipsec-isakmp
    crypto map outside_map 20 match address outside_cryptomap_20
    crypto map outside_map 20 set peer x.x.x.x
    crypto map outside_map 20 set transform-set ESP-AES-192-SHA
    crypto map outside_map 40 ipsec-isakmp
    crypto map outside_map 40 match address outside_cryptomap_40
    crypto map outside_map 40 set peer x.x.x.x
    crypto map outside_map 40 set transform-set ESP-AES-192-SHA
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption aes-192
    isakmp policy 20 hash sha
    isakmp policy 20 group 5
    isakmp policy 20 lifetime 86400
    telnet 10.10.0.0 255.255.0.0 inside
    telnet timeout 15
    ssh timeout 5
    management-access inside
    console timeout 0
    username ****** password ******* encrypted privilege 15
    terminal width 80
    : end
    [OK]
     
    smokey7244521, Nov 22, 2006
    #1
    1. Advertising

  2. smokey7244521

    ahmad82pkn

    Joined:
    Oct 9, 2006
    Messages:
    3
    first of all to acees public ip u need to allow internet access.
    then limit this access with accesslist for that particular machine with telent port only.
     
    ahmad82pkn, Nov 29, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. S.Rodgers
    Replies:
    13
    Views:
    1,739
    Doug G
    Dec 16, 2005
  2. Thaqalain
    Replies:
    0
    Views:
    751
    Thaqalain
    Jun 30, 2005
  3. John
    Replies:
    0
    Views:
    546
  4. Kremlar

    opening a port on my PIX-506E

    Kremlar, Dec 6, 2006, in forum: Cisco
    Replies:
    5
    Views:
    1,110
    Chad Mahoney
    Dec 7, 2006
  5. mykke101

    opening port in PIX 501

    mykke101, May 16, 2011, in forum: Cisco
    Replies:
    0
    Views:
    901
    mykke101
    May 16, 2011
Loading...

Share This Page