PIX: how to allow 1 host from outside interface to access another host on the inside interface?

Discussion in 'Cisco' started by jonnah, Apr 21, 2004.

  1. jonnah

    jonnah Guest

    hello

    we need to allow host on outside interface (using public IP) to access
    (access, meaning to reach via icmp,tcp,whatever) a host on the
    internal network (using private IP) connected to private interface.

    we read that normally outside hosts cannot initiate connections to
    inside interface but we need to do that for software updates.

    thanks
     
    jonnah, Apr 21, 2004
    #1

    1. Advertisements

  2. jonnah

    mcaissie Guest

    -You need first to translate your private IP to a public IP

    static (inside,outside) [public IP] [private IP] netmask 255.255.255.255 0 0

    -Then you need to create an access-list allowing whatever you want

    access-list acl_out permit ip host [external host] host [public IP of your
    internal server]
    access-list acl_out permit icmp host [external host] host [public IP of your
    internal server]

    or to be more granular

    access-list acl_out permit tcp host [external host] host [public IP of your
    internal server] eq [tcp port]
    access-list acl_out permit udp host [external host] host [public IP of your
    internal server] eq [udp port]
    access-list acl_out permit icmp host [external host] host [public IP of your
    internal server]

    -Then you need to apply this access-list to your outside interface

    access-group acl_out in interface outside
     
    mcaissie, Apr 21, 2004
    #2

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. allow outside to access inside pix 515

  2. allow ssh only on outside interface, but telnet on inside interface of router

  3. Ping PIX inside interface from outside host

  4. PIX 506E Routing from Inside Interface network To outside interface network

  5. PIX pinging outside interface from inside host?

  6. Allow printing traffic from DMZ(Lower Security interface) to inside network on PIX 515E

  7. help with pix inside->outside + dmz->outside + inside->outside->dmz

  8. Pix 506e w/5 static outside IPs - How to create a rule to allow ALL tcp/udp traffic from one outside

Loading...