I have a Pix 506 that is providing internal users with internet access. I have 2 servers internally that I want to be able to access from the internet. One server is running exchange 2000 with outlook web access and hosting web sites The other is a terminal server running on ports 80 and 3389. So lets say that the pix external card has IP 1.1.1.1 and 1.1.1.2 for NAT. Internal on pix is 10.0.0.1. Mail and Web server is 10.0.0.2. Terminal Server is 10.0.0.3. How can I make both servers available from the internet. I have read about conduits and Access lists and groups. Have tried different configs but seem to be missing something. Can anyone help me?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Forwarding to Internal Servers on PIX 506
- Thread starter nettworx
- Start date
HI.
You can easily open these ports using STATIC, ACCESS-LIST & ACCESS-GROUP commands. See here for details:
(Look for command reference of your version).
However - THIS IS WRONG AND NOT SECURE, think of it as driving with a seat belt in 120 MPH speed...
So you should consider VPN technology, or limiting access to specific source IP addresses only.
You must remember that the firewall protection is only as secure as you configure it.
Bye
Yizhar Hurwitz
You can easily open these ports using STATIC, ACCESS-LIST & ACCESS-GROUP commands. See here for details:
(Look for command reference of your version).
However - THIS IS WRONG AND NOT SECURE, think of it as driving with a seat belt in 120 MPH speed...
So you should consider VPN technology, or limiting access to specific source IP addresses only.
You must remember that the firewall protection is only as secure as you configure it.
Bye
Yizhar Hurwitz
- Status
Similar threads
- Locked
- Question
- Locked
- Question