I've not tried it yet, but if you're using version 6.0, how about using port
re-direction - Using one IP address on the outside, but telnet to a
different port for each internal device.
static (inside,outside) tcp 192.168.124.99 3001 10.1.1.1 telnet netmask
255.255.255.255 0 0
static (inside,outside) tcp 192.168.124.99 3002 10.1.1.2 telnet netmask
255.255.255.255 0 0
static (inside,outside) tcp 192.168.124.99 3003 10.1.1.3 telnet netmask
255.255.255.255 0 0
With the relevant access lists to control who can telnet to the devices.
Then just:
"telnet 192.168.124.99 3001 etc"
Looks good but needs testing. Anybody rip it to pieces???
Gaz
""Bruce Williams"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have many devices on the inside (most secure) interface of my PIX that I
> need to allow telnet and ftp access to users from the outside (least
secure)
> interface of the PIX. I know that I can create a static map to the inside
IP
> addresses, but I dont have enough outside IP addresses to support all of
the
> devices on the inside. I am using PAT to allow users from the inside (most
> secure) interface to get access to the outside (less secure) interface.
Can
> I use PAT the same way to allow outside users to access the inside servers
> on one address or is there a way to open the PIX up for all users from the
> outside to get in on a temporary basis?
>
> Bruce Williams
> 215-275-2723
> [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15558&t=15518
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
