Cisco PIX: Allow Traffic to an Internal Host

Posted January 29, 2004 by Al Banks in Cisco firewall


The following tech-recipe describes how to permit selected traffic to an internal host.

First, a static mapping must be made for the host. There is another tech-recipe for this configuration.

static (inside,outside) <global_ip> <local_ip> netmask <netmask>

To allow traffic, a conduit must be constructed. For example, to allow ICMP (ping) traffic to all hosts from anywhere (bad idea), use the following:

conduit permit icmp any any

To allow SSH to a specific host from anywhere, use the following:

conduit permit tcp host <global_ip> eq 22 any

With ACLs, type the following:

access-list 100 permit tcp any host <global_ip> eq 22
access-group 100 in interface outside
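
The conduit and access-list forms above put the source and destination in opposite order, which makes open rules easy to misread in review. The following Python sketch is an added example, not part of the original recipe: it parses both forms and reports every permit rule whose source is "any". The sample addresses and the HIGH/MEDIUM/INFO labels are assumptions made for illustration.

```python
# Constructed sample rules; 192.0.2.10 is an illustrative documentation address.
SAMPLE = """\
conduit permit icmp any any
conduit permit tcp host 192.0.2.10 eq 22 any
access-list 100 permit tcp any host 192.0.2.10 eq 22
"""

def take_addr(tokens):
    """Consume one address spec: 'any', 'host IP' or 'IP MASK'."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return f"{tokens[0]}/{tokens[1]}", tokens[2:]

def take_port(tokens):
    """Consume an optional 'eq PORT' qualifier (other operators are ignored)."""
    if len(tokens) >= 2 and tokens[0] == "eq":
        return tokens[1], tokens[2:]
    return None, tokens

def parse_rule(line):
    """Return (src, dst, port) for a conduit/access-list permit line, else None."""
    t = line.split()
    try:
        if t[:2] == ["conduit", "permit"]:
            dst, rest = take_addr(t[3:])   # conduit: mapped (global) address first
            port, rest = take_port(rest)
            src, rest = take_addr(rest)    # then the foreign (source) address
        elif t[:1] == ["access-list"] and t[2:3] == ["permit"]:
            src, rest = take_addr(t[4:])   # ACL: source first
            _, rest = take_port(rest)      # optional source port
            dst, rest = take_addr(rest)
            port, rest = take_port(rest)
        else:
            return None
    except IndexError:                     # truncated or unrecognized rule
        return None
    return src, dst, port

def audit(config):
    """Return (severity, line) for every permit rule whose source is 'any'."""
    findings = []
    for line in config.splitlines():
        src, dst, port = parse_rule(line) or (None, None, None)
        if src == "any":
            sev = "HIGH" if dst == "any" else "MEDIUM" if port is None else "INFO"
            findings.append((sev, line.strip()))
    return findings
```

Calling audit(SAMPLE) rates the ICMP any-any conduit HIGH and the two SSH rules INFO, since they are limited to one host and one port.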
