PIX: how to allow 1 host from outside interface to access another host on the inside interface?

Discussion in 'Cisco' started by jonnah, Apr 21, 2004.

  1. jonnah

    jonnah Guest

    Hello,

    We need to allow a host on the outside interface (using a public IP) to access
    (access, meaning to reach via ICMP, TCP, whatever) a host on the
    internal network (using a private IP) connected to the private interface.

    We read that normally outside hosts cannot initiate connections to
    the inside interface, but we need to do that for software updates.

    thanks
    jonnah, Apr 21, 2004
    #1

  2. jonnah

    mcaissie Guest

    Re: how to allow 1 host from outside interface to access another host on the inside interface?

    "jonnah" <> wrote in message
    news:...
    > Hello,
    >
    > We need to allow a host on the outside interface (using a public IP) to access
    > (access, meaning to reach via ICMP, TCP, whatever) a host on the
    > internal network (using a private IP) connected to the private interface.
    >
    > We read that normally outside hosts cannot initiate connections to
    > the inside interface, but we need to do that for software updates.
    >
    > thanks


    - You need first to translate your private IP to a public IP

    static (inside,outside) [public IP] [private IP] netmask 255.255.255.255 0 0

    - Then you need to create an access-list allowing whatever you want

    access-list acl_out permit ip host [external host] host [public IP of your internal server]
    access-list acl_out permit icmp host [external host] host [public IP of your internal server]

    or to be more granular

    access-list acl_out permit tcp host [external host] host [public IP of your internal server] eq [tcp port]
    access-list acl_out permit udp host [external host] host [public IP of your internal server] eq [udp port]
    access-list acl_out permit icmp host [external host] host [public IP of your internal server]

    - Then you need to apply this access-list to your outside interface

    access-group acl_out in interface outside
    mcaissie, Apr 21, 2004
    #2
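An added example, not part of either post and not Cisco code: a small Python check that reads a config written in the command forms from the reply above and reports permits on the outside ACL that are wider than "one external host to one translated server on one port". The addresses, port 8443 and the `audit` helper are constructed for illustration, and only the `static`, `access-list ... permit` and `access-group` forms shown in the thread are parsed.

```python
import re

# Constructed sample config (documentation/private addresses, made-up port).
SAMPLE = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
access-list acl_out permit ip host 198.51.100.7 host 203.0.113.10
access-list acl_out permit tcp host 198.51.100.7 host 192.168.1.10 eq 8443
access-list acl_out permit tcp any host 203.0.113.10 eq 8443
access-list acl_out permit tcp host 198.51.100.7 host 203.0.113.10 eq 8443
access-group acl_out in interface outside
"""

STATIC = re.compile(r"^static \(inside,outside\) (\S+) (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface outside")
ACE = re.compile(
    r"^access-list (\S+) permit (\S+) (any|host \S+) (any|host \S+)(?: eq (\S+))?")

def audit(config):
    """Return (line, finding) pairs for permits on the ACL bound to outside."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    statics = [m.groups() for l in lines if (m := STATIC.match(l))]
    public = {pub for pub, _ in statics}
    private = {priv for _, priv in statics}
    outside_acls = {m.group(1) for l in lines if (m := GROUP.match(l))}
    findings = []
    if not outside_acls:
        findings.append(("", "no access-group applies an ACL inbound on outside"))
    for l in lines:
        m = ACE.match(l)
        if not m or m.group(1) not in outside_acls:
            continue
        _, proto, src, dst, port = m.groups()
        dst_ip = dst.split()[-1]
        if src == "any":
            findings.append((l, "source is any, not a single external host"))
        if dst_ip in private:
            findings.append((l, "destination is the private IP; use the translated public IP"))
        elif dst_ip not in public:
            findings.append((l, "destination has no matching static translation"))
        if proto == "ip":
            findings.append((l, "permit ip opens every protocol and port"))
        elif proto in ("tcp", "udp") and port is None:
            findings.append((l, "no eq port, so every port of this protocol is open"))
    return findings

if __name__ == "__main__":
    for line, finding in audit(SAMPLE):
        print(f"{finding}\n    {line}")
```
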