I need to allow users outside to access the equipment via ht

timbay

Jul 9, 2006
Hi,
Please, I have a Cisco Firewall PIX 515E.
I need to allow users outside to access the equipment via http:publicaddress.
How can I go about it?
Thanks
 

mikeyp410

Jun 1, 2006
As far as I know the way you are looking to manage Cisco equipment is through Telnet.
 

timbay

Jul 9, 2006
Hi,
The scenario is: I have a Compaq server connected to the PIX firewall via a Cisco switch, and a VOIP equipment connected to the PIX firewall as well.
The PIX outside interface is 193.212.90.123 (not real).
The server local IP is 192.21.2.2 and the public is 193.212.90.124.
The VOIP equipment local IP is 192.21.2.4 and the public is 193.212.90.125.

The issue is to allow:
1. Allow users to telnet into the server from outside.
2. Allow users from outside to access the VOIP from outside via HTTP.
3. Again, I discovered that I can ping 193.212.90.123 from outside the network, and I just can't ping 193.212.90.124 & 193.212.90.125. Why is it so?

Thanks while I wait for your response.
 

mikeyp410

Jun 1, 2006
I wish I could help you more, but I am not too savvy on Cisco at all. There are some really smart Cisco people around here though; hopefully they can help you more than I could.
 

Zakkas

Apr 10, 2006
Hello Tim,

If I understand correctly, you want the Compaq server available to the outside for SSH access. You'll have to configure this server with a static outside address using the "static (inside,outside) outside-ip inside-ip netmask x.x.x.x" command, where the outside address is one of your available IPs provided by your ISP and inside is the inside local IP address of that server.

Once you fix that server with a static address, you'll need to configure an access-list for the outside interface on the PIX permitting a certain address range or any address to the address you statically assigned to the server.

Using a named access-list is best for this:

access-list ACL_OUTSIDE_INBOUND extended permit tcp "source address or range" "destination address or range" eq telnet

Then to apply the access-list to the outside interface use:

access-group ACL_OUTSIDE_INBOUND in interface outside


You'll probably have to add more statements to that access-list depending on your needs.
 

zx10guy

Jun 30, 2006
If you're not comfortable with configuring the PIX 515 via console, you should do so with the web GUI built into the PIX OS. To set that up, console into the PIX. Then from config t, issue these commands:

http server enable
http <IP of the workstation to allow GUI access> <netmask> <interface name>

You need to set up ACL rules to allow sessions through the firewall. Personally, I would do a client to PIX VPN connection to secure the traffic. If that isn't possible, I would do as suggested by Zakkas and use SSH and not Telnet. All Telnet traffic is in clear text.
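
An added example, not written by anyone in this thread: a small Python check for the static, access-list and access-group lines discussed above. It reports an access-group that names an undefined ACL, inbound rules that permit cleartext Telnet, and permitted hosts with no static translation. The function names and the sample config are this example's own, and it only parses "permit tcp" entries.

```python
import re

# Constructed sample: the thread's addresses (stated there to be not real); the
# ACL name differs between its definition and the access-group line.
SAMPLE_CONFIG = """\
static (inside,outside) 193.212.90.124 192.21.2.2 netmask 255.255.255.255
access-list ACL_OUTSIDE-INBOUND extended permit tcp any host 193.212.90.124 eq telnet
access-list ACL_OUTSIDE-INBOUND extended permit tcp any host 193.212.90.125 eq www
access-group ACL_OUTSIDE_INBOUND in interface outside
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+tcp\s+(.*)$")
GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
STATIC = re.compile(r"^static\s+\(\S+,\S+\)\s+(\S+)\s+\S+")


def split_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'network mask'."""
    n = 1 if tokens[:1] == ["any"] else 2
    return " ".join(tokens[:n]), tokens[n:]


def audit(config):
    """Return a list of findings for a PIX-style config given as text."""
    acls, groups, translated, findings = {}, [], set(), []
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            src, rest = split_addr(m.group(2).split())
            dst, port = split_addr(rest)
            acls.setdefault(m.group(1), []).append((src, dst, " ".join(port)))
        elif m := GROUP.match(line):
            groups.append((m.group(1), m.group(2)))
        elif m := STATIC.match(line):
            translated.add(m.group(1))  # outside (public) address of the static
    for name, iface in groups:
        if name not in acls:
            findings.append(f"access-group on {iface} references undefined ACL {name}")
    for name, aces in acls.items():
        if name not in {g for g, _ in groups}:
            findings.append(f"ACL {name} is not applied to any interface")
        for src, dst, port in aces:
            if port in ("eq telnet", "eq 23"):
                findings.append(f"{name}: cleartext Telnet permitted from {src} to {dst}")
            if dst.startswith("host ") and dst[5:] not in translated:
                findings.append(f"{name}: {dst} has no static translation")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```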
 

manjifera

Jul 17, 2006
Use software like Personal Web Server to use 192.168.1.XXX for users in the network, or your.ip.id.here to make your global web server with a static IP address.