Re: PIX Question [7:15518]

Thu, 09 Aug 2001 18:59:59 -0700 

I am not sure that you can specify the port numbers on that outside address,
but I will try it tomorrow. Someone also suggested that I create a telnet
server and telnet to it first and then telnet to other devices. but I did
not think it would work because I did not think the PIX would allow the
second Telnet session. Now that I think about it the packets should return
to the telnet server and then be packaged with the original source and
destination address to return to the outside host.


I will try them both!

Thanks,

Bruce

""Gareth Hinton""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I've not tried it yet, but if you're using version 6.0, how about using
port
> re-direction - Using one IP address on the outside, but telnet to a
> different port for each internal device.
>
> static (inside,outside) tcp 192.168.124.99 3001 10.1.1.1 telnet netmask
> 255.255.255.255 0 0
> static (inside,outside) tcp 192.168.124.99 3002 10.1.1.2 telnet netmask
> 255.255.255.255 0 0
> static (inside,outside) tcp 192.168.124.99 3003 10.1.1.3 telnet netmask
> 255.255.255.255 0 0
>
> With the relevant access lists to control who can telnet to the devices.
>
> Then just:
>
> "telnet 192.168.124.99 3001 etc"
>
> Looks good but needs testing. Anybody rip it to pieces???
>
> Gaz
>
>
> ""Bruce Williams""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I have many devices on the inside (most secure) interface of my PIX that
I
> > need to allow telnet and ftp access to users from the outside (least
> secure)
> > interface of the PIX. I know that I can create a static map to the
inside
> IP
> > addresses, but I dont have enough outside IP addresses to support all of
> the
> > devices on the inside. I am using PAT to allow users from the inside
(most
> > secure) interface to get access to the outside (less secure) interface.
> Can
> > I use PAT the same way to allow outside users to access the inside
servers
> > on one address or is there a way to open the PIX up for all users from
the
> > outside to get in on a temporary basis?
> >
> > Bruce Williams
> > 215-275-2723
> > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15569&t=15518
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to