Sign in with
Sign up | Sign in
Your question

I need to allow users outside to access the equipment via ht

Tags:
  • Routers
  • Networking
Last response: in Networking
Share
July 9, 2006 6:32:58 PM

Hi,
Please i have a CiscoFirewall Pix515e
I need to allow users outside to access the equipment via http:p ublicaddress
how can i go abt it
thanks

More about : users access equipment

July 10, 2006 3:29:34 PM

Quote:
Hi,
Please i have a CiscoFirewall Pix515e
I need to allow users outside to access the equipment via http:p ublicaddress
how can i go abt it
thanks


As far as I know the way you are looking to manage Cisco equipment is through Telnet.
July 10, 2006 7:15:02 PM

hi,
The senario is i have a compaq server connected to the Pix firewall via a cisco swtich and a VOIP equipment connected to the PIX firewall as well.
The PIX Outside Interface is 193.212.90.123 (not real)
The Server Local IP is 192.21.2.2 and the Public is 193.212.90.124
The VOIP Equipment Local IP is 192.21.2.4 and the public is 193.212.90.125.

The issue is to allow,
1. Allow users telnet into the server from outside
2.Allow users from ouside able to access the VOIP from outside via HTTP
3. again i discover that i can ping 193.212.90.123 from outside the network and i can't just ping 193.212.90.124 & 193.212.90.125. Why is it so?

Thanks while i wait for your response
July 10, 2006 7:38:57 PM

I wish I could help you more but I am not to savvy on Cisco at all. There are some really smart Cisco people around here though, hopefully they can help you more then I could.
July 11, 2006 7:02:37 PM

Hello Tim,

If I understand correctly you want the Compaq server available to the outside for SSH access. You'll have to configure this server with a static outside address using the "static (inside,outside) outside-ip inside-ip netmask x.x.x.x)" where the outside address is one of your available IPs provided by your ISP and inside is the inside local IP address of that server.

Once you fix that server with a static address you'll need to configure an access-list for the outside interface on the pix permitting a certain address range or any address to the address you statically assigned to the server

Using a named access-list is best for this:

access-list ACL_OUTSIDE-INBOUND extended permit "source address or range" "destination address or range" eq telnet
Then to apply the access-list to the outside interface use:

access-group ACL_OUTSIDE_INBOUND in interface outside


You'll probably have to add more statements to that access-list depending on your needs.
July 12, 2006 4:59:48 PM

If you're not comfortable with configuring the PIX 515 via console, you should do so with the web GUI built into the the PIX OS. To set that up, console into the PIX. Then from config t, issue these commands:

http server enable
http <IP of the workstation to allow GUI access> <netmask> <interface name>

You need to set up ACL rules to allow sessions through the firewall. Personally, I would do a client to PIX VPN connection to secure the traffic. If that isn't possible, I would do as suggested by Zakkas and use SSH and not Telnet. All Telnet traffic is in clear text.
July 22, 2006 12:00:57 PM

se softwares like personal webserver to use 192.168.1.XXX to users in the network or your.ip.id.here to make your globle web server with Static IP address.
!