ExamNotes.net
Topic: outside to inside
zarcoff
« on: October 13, 2005, 06:12:21 PM »

Hi All

I am new to PIX. I have an internal PIX 515 and I would like the inside interface to talk to an internal server on the outside interface. Do I need a static and an access-list? If so, give me an example; if not, explain with an example.

outside interface 192.168.61.20

inside 172.16.0.0

Great thanks
Zarcoff
jdog0254
« Reply #1 on: October 30, 2005, 12:28:07 PM »

Yes, you do need to have a static and access-list statement. The traffic from the inside interface can go to the outside interface freely, but you need to allow the outside interface to pass traffic to the inside.

access-list server_access permit ip host {server address} 172.16.0.0 255.255.0.0
allow traffic from server to inside

access-group server_access in interface inside
apply acl to inside interface

static (inside,outside) {server ip} 172.16.x.x netmask 255.255.255.255
translate server ip to an inside address

Hope this helps

================
JDog0254
zarcoff
« Reply #2 on: October 30, 2005, 03:43:24 PM »

Great, thanks for the reply. I worked it out while upgrading the PIX, but great thanks. I used this forum 4 years for my CCNA but now it's not good, most likely too many brain dumpers, but thanks anyway.

zarcoff
ccna20
« Reply #3 on: November 01, 2005, 11:35:12 AM »

Sorry, I didn't quite understand what you were trying to accomplish, but the config didn't seem correct. I have examples below that should provide additional assistance. Remember, traffic flow is allowed from higher int to lower int by default.

out int - 192.168.1.1
web ser - 192.168.1.250
in int  - 10.0.1.1

to gain outside access
nat (inside) 1 0 0
global (outside) 1 interface
           or
global (outside) 1 192.168.1.10 netmask 255.255.255.255

Both configs will allow traffic to the outside interface and provide Port Addr Translation. You can also restrict the inside addresses allowed out via ACLs.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
This will also work
static (outside,inside) 10.0.1.250 192.168.1.250 netmask 255.255.255.255
access-list inside permit tcp any host 10.0.1.250 eq www
access-group inside in interface inside

This config creates a static NAT for the web srv, translating the outside addr to the inside addr of 10.0.1.250 and allowing any access from the inside network.
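Added example (not written by any poster in this thread): a small Python check of the rule the replies discuss, that connections from a higher-security to a lower-security interface pass by default once a nat/global pair exists, while lower-to-higher connections need a static plus an access-list applied inbound on the lower interface. The security levels inside=100 and outside=0 are the usual PIX defaults and are assumed here; the sample configs, the `web_in` ACL name and the 10.0.1.20 / 192.168.1.20 host addresses are constructed, and `nat 0` exemptions are not modelled.

```python
import re

# Assumption: usual PIX default security levels (not stated in the thread).
LEVELS = {"inside": 100, "outside": 0}

PATTERNS = {
    "static": re.compile(r"^static \((\w+),(\w+)\) \S+ \S+"),
    "acl":    re.compile(r"^access-list (\S+) (?:permit|deny) "),
    "group":  re.compile(r"^access-group (\S+) in interface (\w+)"),
    "nat":    re.compile(r"^nat \((\w+)\) (\d+) "),
    "global": re.compile(r"^global \((\w+)\) (\d+) "),
}

def parse(config):
    """Collect the statements that decide whether new connections can pass."""
    found = {kind: set() for kind in PATTERNS}
    for line in config.strip().splitlines():
        for kind, pattern in PATTERNS.items():
            if m := pattern.match(line.strip()):
                found[kind].add(m.groups())
    return found

def missing_for_flow(config, src_if, dst_if):
    """List what is still missing for connections initiated src_if -> dst_if."""
    cfg, missing = parse(config), []
    acl_names = {name for (name,) in cfg["acl"]}
    bound = [name for (name, ifc) in cfg["group"] if ifc == src_if]
    if LEVELS[src_if] > LEVELS[dst_if]:
        # Higher -> lower: allowed by default, but needs nat/global with one id or a static.
        ids = {i for (ifc, i) in cfg["nat"] if ifc == src_if}
        pat = any((dst_if, i) in cfg["global"] for i in ids)
        if not pat and (src_if, dst_if) not in cfg["static"]:
            missing.append(f"nat ({src_if}) / global ({dst_if}) pair with the same id")
    else:
        # Lower -> higher: needs a static for the higher-side host and an inbound ACL.
        if (dst_if, src_if) not in cfg["static"]:
            missing.append(f"static ({dst_if},{src_if})")
        if not bound:
            missing.append(f"access-group <acl> in interface {src_if}")
    # An access-group must reference an access-list that is defined in the config.
    missing += [f"access-list {n}" for n in bound if n not in acl_names]
    return missing

# Constructed samples using the 10.0.1.0 / 192.168.1.0 addressing from reply #3.
OUTBOUND_ONLY = "nat (inside) 1 0 0\nglobal (outside) 1 interface\n"
PUBLISHED = OUTBOUND_ONLY + """
static (inside,outside) 192.168.1.20 10.0.1.20 netmask 255.255.255.255
access-list web_in permit tcp any host 192.168.1.20 eq www
access-group web_in in interface outside
"""
```

Calling `missing_for_flow(OUTBOUND_ONLY, "outside", "inside")` lists both the static and the access-group as missing, while the same call on `PUBLISHED` returns an empty list.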