Gosh, that means you are allowing accessto your win2k servers from the
outside... Remember... Microsoft doesn't belong on the internet... : )
On a serious note... Say you have a static statement to your internal
host...What ports would you allow through? Surely you are not reffering to
pcanywhere or win2k's remote management console? I would only recommend
this if the source ip was ALWAYS the same and the acl would reflect that!
(And even then as paranoid as I am I still wouldn't do it!)
I might consider throwing a hardened linux box with absolutely no type of
ftp/telnet client on it in the dmz. SSH to it, then re-ssh to the pix. And
rename ssh while you are at it to something inconspicuous and take the
execute attributes off of it! : )
my $.02
-Patrick
>>> "Magdy H. Ibrahim" 09/18/01 10:37AM >>>
Hi,
If your inside servers run W2k then you can setup the remote access service
on the W2k server and add static command on your PIX with conduit command to
permit remote access from outside to your W2k server. then permit telnetting
for this server to the inside interface...
if you want exactly the command mail me again and I'll be pleased to help..
Bytheway there is no way to telnet on the outside interface...
Magdy H. Ibrahim
""NRB"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Guys/Gurus,
>
> Can anyone please help me in setting up Telnet access on outside
interface
> of PIX.
> I heard that we need to uses IPSec and Cisco VPN client. I do not have
VPN
> client,
> can it still be done. Please help.
>
> Thanks,
> NRB
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20299&t=20271
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
