Cisco PIX: Allow Traffic to an Internal Host
The following tech-recipe describes how to permit selected traffic to an internal host.
First, a static mapping must be made for the host. There is another tech-recipe for this configuration.
static (inside,outside) 220.127.116.11 192.168.0.100 netmask 255.255.255.255
To allow traffic, a conduit must be constructed. For example, to allow ICMP (ping) traffic to all hosts from anywhere (bad idea), use the following:
conduit permit icmp any any
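To allow SSH from anywhere to a specific host, use the following. In a conduit, the first address is the host's global (outside) address from the static mapping, and the second is the source: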
conduit permit tcp host 18.104.22.168 eq 22 any
With ACLs, define the rule and then apply it inbound on the outside interface:
access-list 100 permit tcp any host 22.214.171.124 eq 22
access-group 100 in interface outside
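The conduit and access-list forms above put source and destination in opposite order, which makes broad rules easy to miss when reviewing a configuration. The following Python audit is an added example, not part of the original recipe: it normalizes both forms and flags permits whose destination or source is any. The sample configuration and its addresses are constructed, and only the eq port qualifier is handled.

```python
# Constructed sample config (RFC 5737 documentation addresses), not from the recipe.
SAMPLE = """\
static (inside,outside) 203.0.113.10 192.168.0.100 netmask 255.255.255.255
conduit permit icmp any any
conduit permit tcp host 203.0.113.10 eq 22 any
access-list 100 permit tcp any host 203.0.113.10 eq 22
access-list 100 permit tcp host 198.51.100.7 host 203.0.113.10 eq 22
access-group 100 in interface outside
"""

def take_addr(tok):
    # 'any' | 'host A' | 'A MASK'  ->  (address, remaining tokens)
    if tok[0] == "any":
        return "any", tok[1:]
    return (tok[1], tok[2:]) if tok[0] == "host" else (tok[0] + "/" + tok[1], tok[2:])

def take_port(tok):
    # Optional 'eq PORT' qualifier; other operators are not handled here.
    return (tok[1], tok[2:]) if tok[:1] == ["eq"] and len(tok) > 1 else (None, tok)

def parse_rule(line):
    """Normalize a conduit or access-list rule; return None for any other line."""
    tok = line.split()
    if tok[:1] not in (["conduit"], ["access-list"]):
        return None
    kind, tok = tok[0], (tok[1:] if tok[0] == "conduit" else tok[2:])  # skip ACL id
    if len(tok) < 3 or tok[0] not in ("permit", "deny"):
        return None
    action, proto, tok = tok[0], tok[1], tok[2:]
    try:
        first, tok = take_addr(tok)
        port1, tok = take_port(tok)
        second, tok = take_addr(tok)
        port2, tok = take_port(tok)
    except IndexError:
        return None  # truncated rule
    # A conduit names the destination (global) first; an ACL names the source first.
    src, dst, port = (second, first, port1) if kind == "conduit" else (first, second, port2)
    return {"kind": kind, "action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def audit(config):
    """Return (finding, line) for each permit whose destination or source is 'any'."""
    findings = []
    for line in config.splitlines():
        rule = parse_rule(line)
        if rule and rule["action"] == "permit" and "any" in (rule["src"], rule["dst"]):
            findings.append(("dst-any" if rule["dst"] == "any" else "src-any", line))
    return findings
```

On the sample, audit(SAMPLE) reports the ICMP conduit as dst-any and the two SSH rules open to any source as src-any; the rule limited to a single management host is not flagged.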