Cisco PIX: Allow Traffic to an Internal Host

The following tech-recipe describes how to permit selected traffic to an internal host.


First, a static mapping must be made for the host. There is another tech-recipe for this configuration.

static (inside,outside) 1.1.1.1 192.168.0.100 netmask 255.255.255.255

To allow traffic, a conduit must be constructed. For example, to allow ICMP (ping) traffic to all hosts from anywhere (bad idea), use the following:
conduit permit icmp any any

To allow SSH to a specific host from anywhere, use the following:
conduit permit tcp host 1.1.1.1 eq 22 any

With ACLs, the same SSH rule is written as an access list and then applied to the outside interface:

access-list 100 permit tcp any host 1.1.1.1 eq 22
access-group 100 in interface outside
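
As an added example (not part of the original recipe), the following Python script checks a PIX configuration for the three things this recipe depends on: permits that are open from anywhere to anywhere, permits to a host that has no static mapping, and access lists that are never applied with access-group. The sample configuration is constructed, the function names are hypothetical, and only the `any`, `host X` and `X MASK` address forms with an optional `eq PORT` are parsed.

```python
# Added example. SAMPLE_CONFIG is constructed; 1.1.1.2 and ACL 101 are made up.
SAMPLE_CONFIG = """\
static (inside,outside) 1.1.1.1 192.168.0.100 netmask 255.255.255.255
conduit permit icmp any any
conduit permit tcp host 1.1.1.1 eq 22 any
access-list 100 permit tcp any host 1.1.1.1 eq 22
access-list 101 permit tcp any host 1.1.1.2 eq 80
access-group 100 in interface outside
"""

def take_addr(tokens):
    """Consume 'any', 'host X' or 'X MASK', then skip an optional 'eq PORT'."""
    head = tokens.pop(0)
    if head == "any":
        addr = "any"
    elif head == "host":
        addr = tokens.pop(0)
    else:
        addr = head + "/" + tokens.pop(0)   # network with mask
    if tokens[:1] == ["eq"]:
        del tokens[:2]
    return addr

def audit(config):
    statics, bound, rules, findings = set(), set(), [], []
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["static"]:
            statics.add(t[2])               # global (outside) address
        elif t[:1] == ["access-group"]:
            bound.add(t[1])                 # ACL applied to an interface
        elif t[:2] == ["conduit", "permit"]:
            rest = t[3:]
            dst = take_addr(rest)           # conduit: destination first
            src = take_addr(rest)
            rules.append((line, None, src, dst))
        elif t[:1] == ["access-list"] and t[2:3] == ["permit"]:
            rest = t[4:]
            src = take_addr(rest)           # ACL: source first
            dst = take_addr(rest)
            rules.append((line, t[1], src, dst))
    for line, acl, src, dst in rules:
        if src == "any" and dst == "any":
            findings.append(("any-to-any", line))
        if dst != "any" and "/" not in dst and dst not in statics:
            findings.append(("no-static", line))
        if acl is not None and acl not in bound:
            findings.append(("unbound-acl", line))
    return findings
```

Calling audit(SAMPLE_CONFIG) flags the ICMP conduit as any-to-any and the constructed access-list 101 line as both no-static and unbound-acl; the SSH conduit and access-list 100 from the recipe pass.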
