Cisco PIX: Allow Traffic to an Internal Host
The following tech-recipe describes how to permit selected traffic to an internal host.
First, a static mapping must be made for the host. There is another tech-recipe for this configuration.
static (inside,outside) 188.8.131.52 192.168.0.100 netmask 255.255.255.255
To allow traffic, a conduit must be constructed. For example, to allow ICMP (ping) traffic to all hosts from anywhere (bad idea), use the following:
conduit permit icmp any any
To allow SSH to a specific host from anywhere, use the following:
conduit permit tcp host 184.108.40.206 eq 22 any
With ACLs, type the following:
access-list 100 permit tcp any host 220.127.116.11 eq 22
access-group 100 in interface outside
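The following Python script is an added example, not part of the original recipe: it audits a PIX configuration for conduit and access-list permits whose source is any, such as the ICMP conduit above. The sample configuration is constructed (documentation addresses), the function names are hypothetical, and only the `any`, `host A`, `A MASK` and `eq PORT` forms are parsed.

```python
# Added example. SAMPLE is a constructed config using RFC 5737 documentation addresses.
SAMPLE = """\
static (inside,outside) 203.0.113.10 192.168.0.100 netmask 255.255.255.255
conduit permit icmp any any
conduit permit tcp host 203.0.113.10 eq 22 any
access-list 100 permit tcp any host 203.0.113.10 eq 22
access-list 100 permit tcp host 198.51.100.7 host 203.0.113.10 eq 22
"""

def take_addr(tok):
    """Consume 'any', 'host A' or 'A MASK', then an optional 'eq PORT'."""
    if tok[0] == "any":
        addr, tok = "any", tok[1:]
    elif tok[0] == "host":
        addr, tok = tok[1], tok[2:]
    else:
        addr, tok = f"{tok[0]}/{tok[1]}", tok[2:]
    if tok[:1] == ["eq"]:
        return addr, tok[1], tok[2:]
    return addr, None, tok

def parse_rule(line):
    """Return proto/src/dst/dport for a permit rule, or None for other lines."""
    tok = line.split()
    try:
        if tok[:2] == ["conduit", "permit"]:
            # conduit order: protected (global) address first, then the source
            proto = tok[2]
            dst, dport, rest = take_addr(tok[3:])
            src = take_addr(rest)[0]
        elif tok[:1] == ["access-list"] and tok[2] == "permit":
            # access-list order: source first, then the destination
            proto = tok[3]
            src, _, rest = take_addr(tok[4:])
            dst, dport, _ = take_addr(rest)
        else:
            return None
    except IndexError:  # truncated line: not enough tokens to form a rule
        return None
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}

def audit(config):
    """List (line_no, issue, rule) for every permit that accepts any source."""
    out = []
    for n, line in enumerate(config.splitlines(), 1):
        rule = parse_rule(line)
        if rule and rule["src"] == "any":
            out.append((n, "any-to-any" if rule["dst"] == "any" else "any-source", rule))
    return out
```

Calling `audit(SAMPLE)` reports lines 2, 3 and 4 of the sample; the rule on line 5, which names a single source host, is not flagged.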