The scenario is I have a Compaq server connected to the PIX firewall via a Cisco switch, and VOIP equipment connected to the PIX firewall as well.
The PIX Outside Interface is 184.108.40.206 (not real)
The Server Local IP is 220.127.116.11 and the Public is 18.104.22.168
The VOIP Equipment Local IP is 22.214.171.124 and the public is 126.96.36.199.
The issue is to:
1. Allow users to telnet into the server from outside.
2. Allow users from outside to access the VOIP equipment via HTTP.
3. Again, I discover that I can ping 188.8.131.52 from outside the network and I just can't ping 184.108.40.206 & 220.127.116.11. Why is it so?
If I understand correctly, you want the Compaq server available to the outside for SSH access. You'll have to configure this server with a static outside address using "static (inside,outside) outside-ip inside-ip netmask x.x.x.x", where the outside address is one of your available IPs provided by your ISP and inside is the inside local IP address of that server.
Once you fix that server with a static address, you'll need to configure an access-list for the outside interface on the PIX permitting a certain address range or any address to the address you statically assigned to the server.
Using a named access-list is best for this:
access-list ACL_OUTSIDE_INBOUND extended permit tcp "source address or range" "destination address or range" eq telnet
Then to apply the access-list to the outside interface use:
access-group ACL_OUTSIDE_INBOUND in interface outside
You'll probably have to add more statements to that access-list depending on your needs.
If you're not comfortable with configuring the PIX 515 via console, you should do so with the web GUI built into the PIX OS. To set that up, console into the PIX. Then from config t, issue these commands:
http server enable
http <IP of the workstation to allow GUI access> <netmask> <interface name>
You need to set up ACL rules to allow sessions through the firewall. Personally, I would do a client to PIX VPN connection to secure the traffic. If that isn't possible, I would do as suggested by Zakkas and use SSH and not Telnet. All Telnet traffic is in clear text.
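An added example, not code from any poster in this thread: a small Python lint for the static / access-list / access-group steps discussed above. It checks that the ACL named in access-group is actually defined (the names must match character for character), flags permits for Telnet, and flags permitted host destinations that have no static translation. The function names and the sample config are constructed for illustration, and only simple single-line ACL entries are parsed.

```python
import re

# Constructed sample config, not taken from the thread; addresses are
# documentation ranges. The ACL name is deliberately misspelled in access-group.
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
access-list ACL_OUTSIDE-INBOUND extended permit tcp any host 203.0.113.10 eq telnet
access-list ACL_OUTSIDE-INBOUND extended permit tcp any host 203.0.113.11 eq www
access-group ACL_OUTSIDE_INBOUND in interface outside
"""

STATIC_RE = re.compile(r"^static \(\w+,\w+\) (\S+) \S+")
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit \S+ (.+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def take_addr(tokens):
    """Consume one address spec ('any', 'host A' or 'A MASK'); return (addr, rest)."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return tokens[0] + " " + tokens[1], tokens[2:]  # network plus mask


def lint_pix_config(text):
    """Return findings for a PIX-style config (hypothetical helper, simple entries only)."""
    statics, acls, applied, findings = set(), {}, {}, []
    for line in map(str.strip, text.splitlines()):
        if m := STATIC_RE.match(line):
            statics.add(m.group(1))  # translated (outside) address
        elif m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append(m.group(2).split())
        elif m := GROUP_RE.match(line):
            applied[m.group(1)] = m.group(2)
    for name, iface in applied.items():
        if name not in acls:
            findings.append(f"undefined ACL {name} applied to {iface}")
    for name, entries in acls.items():
        if name not in applied:
            findings.append(f"ACL {name} is not applied to any interface")
        for tokens in entries:
            _src, rest = take_addr(tokens)
            dst, port = take_addr(rest)
            if port in (["eq", "telnet"], ["eq", "23"]):
                findings.append(f"ACL {name} permits cleartext Telnet to {dst}")
            # Only single-host destinations are compared against static entries.
            if dst != "any" and " " not in dst and dst not in statics:
                findings.append(f"ACL {name} permits {dst}, which has no static translation")
    return findings
```

Calling `lint_pix_config(SAMPLE_CONFIG)` returns four findings; a config whose names match, whose permitted host has a static entry, and which permits SSH instead of Telnet returns an empty list.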