I need to allow users outside to access the equipment via ht
Last response: in Networking
Hi,
Please i have a CiscoFirewall Pix515e
I need to allow users outside to access the equipment via http![:p]( ":p")
ublicaddress
how can i go abt it
thanks
Please i have a CiscoFirewall Pix515e
I need to allow users outside to access the equipment via http
ublicaddresshow can i go abt it
thanks
More about : users access equipment
hi,
The senario is i have a compaq server connected to the Pix firewall via a cisco swtich and a VOIP equipment connected to the PIX firewall as well.
The PIX Outside Interface is 193.212.90.123 (not real)
The Server Local IP is 192.21.2.2 and the Public is 193.212.90.124
The VOIP Equipment Local IP is 192.21.2.4 and the public is 193.212.90.125.
The issue is to allow,
1. Allow users telnet into the server from outside
2.Allow users from ouside able to access the VOIP from outside via HTTP
3. again i discover that i can ping 193.212.90.123 from outside the network and i can't just ping 193.212.90.124 & 193.212.90.125. Why is it so?
Thanks while i wait for your response
The senario is i have a compaq server connected to the Pix firewall via a cisco swtich and a VOIP equipment connected to the PIX firewall as well.
The PIX Outside Interface is 193.212.90.123 (not real)
The Server Local IP is 192.21.2.2 and the Public is 193.212.90.124
The VOIP Equipment Local IP is 192.21.2.4 and the public is 193.212.90.125.
The issue is to allow,
1. Allow users telnet into the server from outside
2.Allow users from ouside able to access the VOIP from outside via HTTP
3. again i discover that i can ping 193.212.90.123 from outside the network and i can't just ping 193.212.90.124 & 193.212.90.125. Why is it so?
Thanks while i wait for your response
Related ressources
- Cybercafe: Saving energy exhausting all PC's hot air to the outside . - Forum
- Should we allow the rich to get richer? - Forum
- [Case Log] Project Sestren Worklog -World's First Back/ Outside Mounted - Forum
- Dual WAN (Dual satellite) and topology for 17 users - Forum
- Intel gets access to ATI patents via new settlement - Forum
Hello Tim,
If I understand correctly you want the Compaq server available to the outside for SSH access. You'll have to configure this server with a static outside address using the "static (inside,outside) outside-ip inside-ip netmask x.x.x.x)" where the outside address is one of your available IPs provided by your ISP and inside is the inside local IP address of that server.
Once you fix that server with a static address you'll need to configure an access-list for the outside interface on the pix permitting a certain address range or any address to the address you statically assigned to the server
Using a named access-list is best for this:
access-list ACL_OUTSIDE-INBOUND extended permit "source address or range" "destination address or range" eq telnet
Then to apply the access-list to the outside interface use:
access-group ACL_OUTSIDE_INBOUND in interface outside
You'll probably have to add more statements to that access-list depending on your needs.
If I understand correctly you want the Compaq server available to the outside for SSH access. You'll have to configure this server with a static outside address using the "static (inside,outside) outside-ip inside-ip netmask x.x.x.x)" where the outside address is one of your available IPs provided by your ISP and inside is the inside local IP address of that server.
Once you fix that server with a static address you'll need to configure an access-list for the outside interface on the pix permitting a certain address range or any address to the address you statically assigned to the server
Using a named access-list is best for this:
access-list ACL_OUTSIDE-INBOUND extended permit "source address or range" "destination address or range" eq telnet
Then to apply the access-list to the outside interface use:
access-group ACL_OUTSIDE_INBOUND in interface outside
You'll probably have to add more statements to that access-list depending on your needs.
If you're not comfortable with configuring the PIX 515 via console, you should do so with the web GUI built into the the PIX OS. To set that up, console into the PIX. Then from config t, issue these commands:
http server enable
http <IP of the workstation to allow GUI access> <netmask> <interface name>
You need to set up ACL rules to allow sessions through the firewall. Personally, I would do a client to PIX VPN connection to secure the traffic. If that isn't possible, I would do as suggested by Zakkas and use SSH and not Telnet. All Telnet traffic is in clear text.
http server enable
http <IP of the workstation to allow GUI access> <netmask> <interface name>
You need to set up ACL rules to allow sessions through the firewall. Personally, I would do a client to PIX VPN connection to secure the traffic. If that isn't possible, I would do as suggested by Zakkas and use SSH and not Telnet. All Telnet traffic is in clear text.
Related ressources:
- ForumUse PCS for internect connection via laptop???
- ForumMobhunter: The Equipment Gap
- ForumWiFi network setup for 200 users
- ForumNeed a Soundcard with 5.1 Through Optical
- ForumNeed help setting a gaming server
- ForumSecure Remote Access for Home Users
- ForumDoes NAS allow for this?
- ForumWhat's In Your Arsenal? (Gaming Equipment )
- ForumPhotos Of Coast Line In The UK Not Allowed
- Forumd-link DI524 seems to block outside access
- ForumUsing a wireless access point?
- ForumUsing a wireless access point?
- ForumNow that Phenom II has limped in...
- ForumI need a MOBO that will allow Dual SLI, a PhysX card, an X-F
- ForumLan setup please help
- More resources
Read discussions in other Networking categories
!
