Connecting to switches behind a PIX

Status
Not open for further replies.

myng94

Technical User
Sep 3, 2002
38
US
Please provide advice on the following:

PIX connected to ISP on outside interface, providing DHCP and NAT for the entire network.

6 switches connected to the inside interface of the PIX. The switches will have 192.168.x.x addresses on the mgmt. interface.

A public IP will be on the outside interface of the PIX.

HOW CAN I ACCESS THE SWITCHES REMOTELY IN THIS SETUP??

Thanks for any tips
 
Port forwarding.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
What kind of remote access are you trying to achieve?

Telnet?

Permit telnet traffic from outside to inside using conduit or access-list.

Put a static command to map one public IP to one of the switch management addresses. Once you are able to telnet to one of the switches, you can then telnet to other switches from then on.

Hope that helps!

Sankar Nair
General Datatech l.p.
 
Thanks Guys,

I should be o.k. from this point
 
I won't recommend port forwarding telnet to your switches. I would rather use the PIX as a VPN end point, and VPN in.
 
Guys,

I'm not having any success with telnet to the switch, here are 2 lines from my pix:

static (inside, outside) x.x.x.x(pix outside interface) 192.168.x.x<---IP of the switch
access-list 110 permit tcp any host x.x.x.x (pix outside interface) eq telnet

Web and ICMP traffic is flowing o.k.; please help me reach the switch from the outside. Just a note: I can telnet to the switch from the inside.
 
I agree with BADDOS, use the pix as a VPN end point. VPN in to the network then use telnet. It will be like you are inside the network (because you are). It is more secure and it will work.
 
Change your static command:
static (inside,outside) tcp x.x.x.x telnet 192.168.x.x telnet netmask
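
The pieces the replies above describe, put together as an added example that is not part of the original thread: the port-redirect static for telnet, the access-list entry, and the access-group that applies the list to the outside interface. All addresses are constructed placeholders (203.0.113.10 for the public IP, 192.168.1.2 for a switch management address, 198.51.100.25 for a single remote admin host); the thread's open `any` rule is shown commented out beside a version narrowed to that one host.

```cisco
: Added example, PIX 6.x-style syntax. All addresses are constructed placeholders.
: 203.0.113.10  = public IP (assumed)
: 192.168.1.2   = switch management address (assumed)
: 198.51.100.25 = remote admin host (assumed)

: Redirect only TCP/23 on the public address to the switch
static (inside,outside) tcp 203.0.113.10 telnet 192.168.1.2 telnet netmask 255.255.255.255

: Weak: the redirected telnet port is reachable from any source address
: access-list 110 permit tcp any host 203.0.113.10 eq telnet

: Narrower: only the admin host may reach the redirected port
access-list 110 permit tcp host 198.51.100.25 host 203.0.113.10 eq telnet

: An access-list has no effect until it is applied to an interface
access-group 110 in interface outside
```

Even with the source restricted, the telnet login crosses the Internet in clear text, which is the reason the VPN approach recommended in the thread keeps the switch login off the public path.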
 