PIX: how to allow 1 host from outside interface to access another host on the inside interface?

Discussion in 'Cisco' started by jonnah, Apr 21, 2004.

  1. jonnah

    jonnah Guest

    hello

    we need to allow host on outside interface (using public IP) to access
    (access, meaning to reach via icmp,tcp,whatever) a host on the
    internal network (using private IP) connected to private interface.

    we read that normally outside hosts cannot initiate connections to
    inside interface but we need to do that for software updates.

    thanks
     
    jonnah, Apr 21, 2004
    #1

    1. Advertisements

  2. jonnah

    mcaissie Guest

    Re: how to allow 1 host from outside interface to access another host on the inside interface?

    "jonnah" <> wrote in message
    news:...
    > hello
    >
    > we need to allow host on outside interface (using public IP) to access
    > (access, meaning to reach via icmp,tcp,whatever) a host on the
    > internal network (using private IP) connected to private interface.
    >
    > we read that normally outside hosts cannot initiate connections to
    > inside interface but we need to do that for software updates.
    >
    > thanks

    -You need first to translate your private IP to a public IP

    static (inside,outside) [public IP] [private IP] netmask 255.255.255.255 0 0

    -Then you need to create an access-list allowing whatever you want

    access-list acl_out permit ip host [external host] host [public IP of your
    internal server]
    access-list acl_out permit icmp host [external host] host [public IP of your
    internal server]

    or to be more granular

    access-list acl_out permit tcp host [external host] host [public IP of your
    internal server] eq [tcp port]
    access-list acl_out permit udp host [external host] host [public IP of your
    internal server] eq [udp port]
    access-list acl_out permit icmp host [external host] host [public IP of your
    internal server]

    -Then you need to apply this access-list to your outside interface

    access-group acl_out in interface outside
     
    mcaissie, Apr 21, 2004
    #2

    1. Advertisements

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
  1. gregg

    allow outside to access inside pix 515

    gregg, Dec 4, 2003, in forum: Cisco
    Replies:
    3
    Views:
    5,240
    Walter Roberson
    Dec 5, 2003
  2. no-one

    allow ssh only on outside interface, but telnet on inside interface of router

    no-one, Jul 28, 2004, in forum: Cisco
    Replies:
    0
    Views:
    2,867
    no-one
    Jul 28, 2004
  3. Al

    Ping PIX inside interface from outside host

    Al, Dec 27, 2004, in forum: Cisco
    Replies:
    1
    Views:
    1,521
    PES
    Dec 28, 2004
  4. marti314

    PIX 506E Routing from Inside Interface network To outside interface network

    marti314, Aug 4, 2005, in forum: Cisco
    Replies:
    1
    Views:
    2,531
    Walter Roberson
    Aug 5, 2005
  5. Cen

    PIX pinging outside interface from inside host?

    Cen, Sep 19, 2005, in forum: Cisco
    Replies:
    1
    Views:
    1,047
    Chris
    Sep 19, 2005

  6. Allow printing traffic from DMZ(Lower Security interface) to inside network on PIX 515E

    , Dec 8, 2005, in forum: Cisco
    Replies:
    4
    Views:
    4,452
    GI
    Dec 15, 2005
  7. Jack

    help with pix inside->outside + dmz->outside + inside->outside->dmz

    Jack, Sep 19, 2007, in forum: Cisco
    Replies:
    0
    Views:
    1,116
    Jack
    Sep 19, 2007
  8. kyoo

    Pix 506e w/5 static outside IPs - How to create a rule to allow ALL tcp/udp traffic from one outside

    kyoo, Apr 6, 2008, in forum: Cisco
    Replies:
    22
    Views:
    2,669
    Aceman
    Apr 12, 2008
Loading...