I am going to separate two small LANs with a PIX 501. My goal is to have a pc hanging off of the outside nic to telnet through the pix to a server hanging off of the inside nic.
192.168.144.1-----192.168.144.254-----199.199.199.1-----199.199.199.2
192.168.144.1 =255.255.255.0,server on inside
192.168.144.254=255.255.255.0,inside nic of pix
199.199.199.1 =255.255.255.248,outside nic of pix
199.199.199.2 =255.255.255.248,pc on outside
I verified connectivity by using an icmp statement to allow me to ping from the inside pc to the outside pc.
#access-list allowin permit icmp 199.199.199.2 255.255.255.255 any (then used the access-group to activate it)
I thought I could use the access-list statement to allow the same for port 23 tcp and udp by:
#access-list allowtelnet permit tcp 199.199.199.2 255.255.255.255 23 192.168.144.1 255.255.255.255 23
#access-list allowtelnet permit udp 199.199.199.2 255.255.255.255 23 192.168.144.1 255.255.255.255 23
then
access-group allowtelnet in int outside
I am fairly new to configuring a pix, so I appreciate any advice anyone can give me.
Thanks!
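
An added example, not part of the original post: a minimal Python model of first-match ACL evaluation with an implicit deny, applied to the allowtelnet lines above read literally as source port 23 and destination port 23. The `Rule` class, the `evaluate` function, the `DST_ONLY` variant and the sample packets are constructed for illustration, and address translation on the PIX is not modeled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:                      # hypothetical model of one permit line
    proto: str
    src: str
    src_mask: str                # network mask; 255.255.255.255 = one host
    dst: str
    dst_mask: str
    src_port: Optional[int] = None   # None means any port
    dst_port: Optional[int] = None

def _in_net(addr, net, mask):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(f"{net}/{mask}", strict=False)

def evaluate(acl, proto, src, sport, dst, dport):
    """First matching permit wins; no match falls through to the implicit deny."""
    for i, r in enumerate(acl):
        if (r.proto == proto
                and _in_net(src, r.src, r.src_mask)
                and _in_net(dst, r.dst, r.dst_mask)
                and r.src_port in (None, sport)
                and r.dst_port in (None, dport)):
            return f"permit (rule {i})"
    return "deny (implicit)"

PC, SERVER, HOST = "199.199.199.2", "192.168.144.1", "255.255.255.255"

# The post's allowtelnet lines, read literally: source port 23 AND destination port 23.
AS_POSTED = [Rule("tcp", PC, HOST, SERVER, HOST, 23, 23),
             Rule("udp", PC, HOST, SERVER, HOST, 23, 23)]
# Assumed variant for comparison: only the destination port is constrained.
DST_ONLY = [Rule("tcp", PC, HOST, SERVER, HOST, None, 23)]

# Constructed packet: a Telnet client's TCP SYN leaves from an ephemeral source port.
SYN = ("tcp", PC, 49152, SERVER, 23)

def demo():
    return {
        "as_posted": evaluate(AS_POSTED, *SYN),
        "dst_only": evaluate(DST_ONLY, *SYN),
        "dst_only_port_80": evaluate(DST_ONLY, "tcp", PC, 49152, SERVER, 80),
        "dst_only_other_pc": evaluate(DST_ONLY, "tcp", "199.199.199.3", 49152, SERVER, 23),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```
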