CompTIA
Exam Vouchers
Save money on CompTIA exams
| Question of the day
Sign up to receive
interactive practice questions
for MCSE, CompTIA
Cisco and other exams
| TestKing
Get MCSE, MCSD, CCNA, CCNP,A+, N+ and many more | * ExamSheets *
Guide for Success!
Actual Questions & Answers
MCSE, MCSD, A+ ,CCNA, CCNP
Oracle 8i, Oracle 9i Online practice tests
Certification sites Online university Online college Online education Distance learning Software forum Server administration forum Programming resources
|
|  |
zarcoff
Member
Registered: Sep 2001
Location:
Country: United Kingdom
State:
Certifications: CCNA
Working on:
Total Posts: 99
|
|
 outside to inside
Hi All
I am new to pix, i have a internal pix 515 i would like the inside interface to talk to a internal server on the outside interface; do i need a static and access-list if so give me an e.g. if not explain with a e.g.
outside interface 192.168.61.20
inside 172.16.0.0
Great thanks
Zarcoff
Report this post to a moderator
|
|
 10-13-05 10:12 PM
|
|
jdog0254
Junior Member
M
Registered: Apr 2005
Location:
Country: United States
State:
Certifications: A+, Network+, Server+, CCNA, CCSP
Working on: CCNP, MCSA, CCDA, CCDP
Total Posts: 27
|
|
yes, you do need to have a static and access-list statement. the traffic from the inside interface can go to the outside interface freely, but you need to allow the outside interface to pass traffic to the inside.
access-list server_access permit ip host {server address} 172.16.0.0 255.255.0.0
allow traffic from server to inside
access-group server_access in interface inside
apply acl to inside interface
static (inside,outside) {server ip} 172.16.x.x netmask 255.255.255.255
translate server ip to an inside address
hope this helps
__________________
================
JDog0254
Report this post to a moderator
|
|
|
10-30-05 03:28 PM
|
|
zarcoff
Member
Registered: Sep 2001
Location:
Country: United Kingdom
State:
Certifications: CCNA
Working on:
Total Posts: 99
|
|
|
Reply
Great thanks for the reply i work it, while up grading the pix but great thanks i used this forum 4 years for my ccna but now it not good, most likley to many brain dumpers but thanks anyway.
zarcoff
Report this post to a moderator
|
|
|
10-30-05 06:43 PM
|
|
ccna20
Member
Registered: Dec 2000
Location:
Country:
State:
Certifications:
Working on:
Total Posts: 30
|
|
|
did that actually work??
sorry I didn't quite understand what you were trying to accomplish but the config didn't seem correct. I have examples below that should provide additional assistance. remember traffic flow is allowed from higher int to lower int by default.
out int - 192.168.1.1
web ser - 192.168.1.250
in int - 10.0.1.1
to gain outside access
nat (inside) 1 0 0
global (outside) 1 interface outside
or
global (outside) 1 192.168.1.10 255.255.255.255
both configs will allow traffic to the outside interface and provide Port Addr Translation. You can also restrict the inside addresses allowed out via ACLs.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
This will also work
static (outside,inside) 10.0.1.250 192.168.1.250 netmask 255.255.255.255
access-list inside permit tcp any host 10.0.1.250 eq www
access-group inside in interface inside
This config creates a static nat for the web srv translating the outside addr to the inside addr of 10.0.1.250 allowing any access from the inside network.
Report this post to a moderator
|
|
|
11-01-05 02:35 PM
|
|
|
Featured site: MCSE, MCSD, CompTIA, CCNA training videos
Forum Rules:
Who Can Read The Forum? Any registered user or guest.
Who Can Post New Topics? Any registered user.
Who Can Post Replies? Any registered user.
Changes: Messages can be edited by their author.
Posts: HTML code is OFF. Smilies are ON. vB code is ON. [IMG] code is OFF. |
|
ExamNotes forum archive
|
