Allow outside access to the subnet to an internal host.

Sorry Pix beginner,

I have a server on my network with a 192.168.1.10 address. I need to allow the 123.45/16 network to access the server with only 10 open port.

Should I NAT an address to my internal server, giving it an audience, then only open port 22? Or is there a better way? If I do it this way, how can I say only for the inside network and the rest of the world?

That's what I thought, but didn't know how to add access to this specific network:

static (inside,outside) public_ip internal_server_ip netmask 255.255.255.255 0 0

access-list acl_out permit tcp any host public_ip eq 22

Can I replace the any part of the host with 123.45.0.0 255.255.255.0?

Thanks for any help...

Hello bchyka,

Your static data and ACL seem OK... If you want access from the 123.45/16 network to the public server, you can replace the ACL as

access-list acl_out permit tcp 123.45.0.0 255.255.0.0 host public_ip eq 22

Otherwise, your Setup program should work fine for traffic to port 22...

I hope this helps... all the best... the rate of responses if deemed useful...

REDA
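
An added example (not part of the original thread): a small Python check of which source addresses each form of the ACL line admits, comparing `any`, the 255.255.255.0 mask from the question and the 255.255.0.0 mask from the reply. The address 203.0.113.10 stands in for public_ip, the client addresses are constructed, and the PIX `access-list ... permit tcp` form with a subnet mask is assumed.

```python
import ipaddress
import re

# PIX extended-ACL form assumed here (subnet mask, not an IOS wildcard mask):
#   access-list <name> permit tcp <src> host <dst_ip> eq <port>
ACL_RE = re.compile(
    r"^access-list\s+\S+\s+(?P<action>permit|deny)\s+tcp\s+"
    r"(?P<src>any|host\s+\S+|\S+\s+\S+)\s+host\s+(?P<dst>\S+)\s+eq\s+(?P<port>\d+)$"
)

PUBLIC_IP = "203.0.113.10"  # constructed stand-in for public_ip (TEST-NET-3)
ACLS = {  # the three source specifiers discussed in the thread
    "any": f"access-list acl_out permit tcp any host {PUBLIC_IP} eq 22",
    "mask_255.255.255.0": f"access-list acl_out permit tcp 123.45.0.0 255.255.255.0 host {PUBLIC_IP} eq 22",
    "mask_255.255.0.0": f"access-list acl_out permit tcp 123.45.0.0 255.255.0.0 host {PUBLIC_IP} eq 22",
}
SOURCES = ["123.45.0.7", "123.45.200.9", "198.51.100.4"]  # constructed clients

def source_network(src):
    """Return the network covered by a source specifier."""
    parts = src.split()
    if parts == ["any"]:
        return ipaddress.ip_network("0.0.0.0/0")
    if parts[0] == "host":
        return ipaddress.ip_network(parts[1] + "/32")
    # "<network> <subnet mask>"; raises ValueError if host bits are set.
    return ipaddress.ip_network(f"{parts[0]}/{parts[1]}")

def permits(acl_line, src_ip, dst_ip, port):
    """True if this single permit entry matches the TCP connection.
    Traffic matching no entry is dropped by the ACL's implicit deny."""
    m = ACL_RE.match(acl_line.strip())
    if not m or m["action"] != "permit":
        return False
    return (ipaddress.ip_address(src_ip) in source_network(m["src"])
            and dst_ip == m["dst"] and port == int(m["port"]))

def decision_table():
    """Map each ACL variant to its verdict for every sample source on port 22."""
    return {name: [permits(line, s, PUBLIC_IP, 22) for s in SOURCES]
            for name, line in ACLS.items()}

if __name__ == "__main__":
    for name, verdicts in decision_table().items():
        print(f"{name:20}", dict(zip(SOURCES, verdicts)))
```

The 255.255.255.0 mask covers only 123.45.0.0 through 123.45.0.255, so a client such as 123.45.200.9 is admitted only by the 255.255.0.0 entry.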

Tags: Cisco Security

Similar Questions

  • How to configure windows 7 pc to allow full access to the xp pc.

    original title: how to configure windows 7 pc to allow full access to the xp pc. Both PCs have been configured for full sharing

    How to configure windows 7 pc to allow full access to the xp pc. Both PCs have been configured for full sharing. Windows 7 pc has full access to the xp pc. However, on xp pc, all readers of windows FP7 can be seen, but access not authorized expect public folders.

    Any suggestions welcome

    Search in the sharing folder entries in a procedure step by step for the creation of a network of Ethernet cable of two computers between Windows 7 and Windows XP with ICS

    You will be able to share files in C:\Users but Windows 7 has special protection on the folder root the C:\ drive and others.

  • with the accession of cloud creative as well as all my photos online, can I allow others access to the view my photos?

    with the accession of cloud creative as well as all my photos online, can I allow others access to the view my photos?

    Please check the latter:

    Store and share content with Adobe Creative active Cloud | Tutorials Adobe Creative Cloud

    Adobe Lightroom for FAQ mobile

    Adobe Creative Cloud desktop application: Questions and answers

    In the case still pending, please contact support for this: Support from Adobe

    Concerning

    Stéphane

  • How to allow another access to the computer through firewall

    How to enable another computer game access my firewall

    Hi Roy,

    If you are using Windows Firewall, the last item in this article shows you how to open a port in the firewall to allow access: http://windows.microsoft.com/en-us/windows7/Firewall-frequently-asked-questions.

    For more information, see the following: http://technet.microsoft.com/en-us/library/cc722062(WS.10).aspx.

    It may be more than just the firewall.  You need to allow remote access (in control panel / system / remote settings / Remote Access) and Remote Desktop (same place, but just below).

    Here is an article on the remote desktop for Vista: http://windows.microsoft.com/en-US/windows-vista/Remote-Desktop-Connection-frequently-asked-questions (because I do not know your operating system - you can perform a search Bing for office remotely for your operating system to find something similar).

    I hope this helps.

    Good luck!

  • The VPN Clients need access to the subnet on another router

    Hello

    We have a pix 515e PIX Version 8.0 (2)

    We have two subnet 10.1.x.x/16 and 10.2.x.x/16

    The firewall is on 10.1.x.x and vpn clients can access this subnet.

    The firewall can ping 10.2.x.y where x is a server in the other subnet.

    On the 10.2.x.x customers out the firewall.

    The problem is that vpn clients cannot access the server of 10.2.x.y even if the pix can ping 10.2.x.y and the road for him.

    What I need to check that the vpn rules are correct in the pix 515e?

    I think it is a rule of exemption nat or something like that not exactly sure.

    Everything would be a great help.

    Thank you

    Hello

    For clients VPN access to these subnets, check the following:

    1. NAT exemption includes these subnets (if not using NAT)... it's the NAT0 ACL command

    2. These subnets are included in the split tunneling

    3. These subnets have a route to the PIX to send traffic to the VPN client pool.

    4. There are no ACLs applied to the inside interface of the PIX denying this communication.

    Federico.

  • Allow specific access through the Interfaces ASA 5510

    Hi all

    In my quest to learn Cisco IOS and devices, I need help in smoothing traffic, or access lists, allowing traffic between internal interfaces on the ASA specifically.

    I have an ASA 5510:

    WAN/LAN/DMZ ports labeled E0/0 (LAN), E0/1 (WAN), E0/2 (DMZ).

    Connected to the port E0/0 is a 2811 router

    Connected to the port E0/1 is the (external) Internet

    Connected to the port E0/2 is a 2821

    (I'll add a 3745 for VOIP) port E0/3, but it has not yet happened.

    I want to allow traffic between the 2821 and the 2811 routers so that devices on the networks behind them can talk to each other.

    I've specified specific subnets between the ASA and the routers because I want to learn how to shape traffic behind routers, as well as on the ASA. So behind the routers I have different VLANs, but I'm not restricting access between them yet, at least I don't think I am. But as it is, devices behind the 2821 cannot access the DNS / DOMAIN SERVER that is located behind the 2811. Right now I have the routers DHCP power, who works there. Currently devices behind the router 2821-3560 switch cannot access the domain server, primary DNS server.

    How can I set the ASA to allow traffic to flow between the two routers and their VLANS?

    Here are the configs of each device, and I have also included my switch configs, in case something should be set on them. I only removed the passwords and the parts of the external IP address. I appreciate the help in which States to create and on which devices.

    I think it is best that I put the links to the files of text here.

    Thank you!

    You must remove the following statements on the two routers:
    -# ip nat inside source... overload
    -for each # ip nat inside/outside interface, if they have configured.

    Remove ads rip of the networks that are not directly connected:
    -2821: 172.16.0.0, 192.168.1.0, 199.195.xxx.0
    -2811: 199.195.xxx.0
    -ASA: 128.0.0.0

    No way should be added to the routers, since he is the one by default, put in scene to ASA.

    Check the tables of routing on routers and the ASA.

    On ASA:

    -Remove:
    # object-group network PAT-SOURCE
    # nat (inside,outside) after-auto source dynamic PAT-SOURCE interface

    -create objects of the networks behind the LAN router and enable dynamic NAT:
    network object #.
    subnet
    nat (inside,outside) dynamic interface

    -review remains NAT rules.

    -to set/adjust the lists access penetration on the interfaces. Do not forget to allow the rip on the LAN and DMZ interfaces.

    -Disable rip on the outside interface.

  • Windows XP security does not allow me access to the browser or the internet

    I'm having a problem with XP Security that keeps popping up almost continuously and prevents me from doing anything , without ordering the software.   It also shows that I have 26 virus, but an another separate scanning with a newly installed anti-virus [Ioio] program stated that 5 and were all deleted/purged.

    I have been using FireFox as my browser and still cannot access Yahoo homepage - impossible to go to the post office or anything else.  Pop up warnings keep coming and display 'Windows XP Security' is still waiting for me to buy their program - and I can not change anything on this menu at all since it keeps redirecting me to the purchase.  I can't get FireFox or even Internet Explorer since it shows a terrible message and does not allow me to circumvent it.

    What can I do to get rid of this problem?  I had to use using another computer to communicate with you and don't know what to do to solve this problem.  This same message/problem seems to resurface every year and made it for 2-3 years.  I resorted to an online, remote help to alleviate the problem in the past, and it still costs a lot of money to solve.  How can I FIX?

    See if that helps.

    http://www.bleepingcomputer.com/virus-removal/remove-total-security

  • E8350 in Bridge mode allow me access to the router with 192.168.1.1

    I have a small home network with the E8350 (AC2400) and a PK5001A of Qwest ActionTec modem.  I needed to put the router in Bridge mode to enable NAT in the modem works properly.  By simply disabling the NAT in the E8350 network broke. Once I placed the E8350 in bridge mode, I lost connectivity via 192.168.1.1.  The network seems to work correctly, I can't access the router remotely.  Is this normal or is it a different setting I'm missing?

    When you have done this, you probably have a new ip address of the primary router. See what she is looking at the main router connections or by manually adjusting it 192.168.1.2 or some other ip that is in your network. If the primary router uses a different subnet as 192.168.0.x, then you must use an IP also in this same range.

  • If I buy a monthly account of xfinity wifi (which allows internet access through the device unique registred) can I use apple TV connected to my TV to the stream of the device on my TV?

    using apple tv to stream xfinity wifi

    The Apple tv needs Internet - wifi or Ethernet. Access normally means places that they have agreements with wifi (i.e. from Starbucks, McDonald's etc.). But you will need a connection Internet for the Apple TV work from your home. Although some use the hotspot on their phone.  You need a speed of ISP at 8mbps for HD streaming on iTunes or netflix requires only 5 for HD (due to compression).

    short answer is that you must get xfinity as your ISP not only access hotspot...

  • Allow unrestricted access of the comments?

    I have an EA4500 wireless router. Here as a guest to the internet access without requiring a password. Is this possible and if so, how? I know how to set the password for comments, but it wont let me value it is empty.

    Unfortunately, it is not possible.

    To accomplish what you want to do, you can buy an extra router, it cascading LAN to WAN and enable the isolation of the AP.

  • Allow remote access to the VPN Cisco ASDM

    Hello

    I am trying to access asdm Setup for the user remote vpn. Our ASA running version 9.1 (1). ASDM is running version 7.1 (1) 52

    I have apart from the interface within the interface enabled for vpn tunnel and I use 3rd interface (asdm_inf) dedicated to this purpose.

    In the asdm, I enabled the management to asdm_inf interface. In the section ASDM, HTTPS, Telnet, SSH, I also add ASDM/HTTPS(port 444) for asdm_inf, ip_address 0.0.0.0 mask 0.0.0.0.

    However, when I connect to the vpn client and try https://asdm_inf:444, the connection is broken with timeout.

    Where could I go wrong? Any help would be appreciated.

    Thank you

    Hello

    Well, split tunnel is incorrect, you are tunneling to 172.16.66.0/24, while your BFD which you want to manage the ASDM to is 192.168.244.0/24, so the ACL split tunnel should also 192.168.244.0/24 network.

  • Software Windows XP security 2012 kidnapped by saying I was might be infected by the virus 20 and would not allow me access to the web, but wouldn't buy the new. WAS - THIS LEGITIMATE?

    I have mcafee - and xp said I was infected

    Hello

    Your system is infected with the virus, update your Mcafee and run a full scan of the system in safe mode. You can also try to download Anti-malware http://www.malwarebytes.org/ and scan your system in safe mode.

    To start your computer in safe mode, you must press the F8 key before the windows screen is loaded (time between the BIOS screen disappears and before you get the windows screen).

    Once you get your system clean everything in safe mode, restart your computer, should be all good.

    I hope this helps.

  • Restrict internet access to only three specific sites on behalf of the employee, but allows full access to the account manager

    Hi all

    In collaboration with a client who wishes to have a cell phone can be used by the staff and management at his restaurant. He wants management to an unrestricted administrator account, but wants the staff to have a user account restricted, such that they can only use web browsers to navigate to three specific sites. Have done the research on this for hours now and can't seem to find a solution to what should be a simple problem. All proposed software costs money, which the owner is not interested. Any help?

    Hello

    Thanks for the reply.

    I'm sorry for the late reply.

    I appreciate your patience.

    I hope that you will soon have the resolution of the issue of the TechNet forums.

    However, you can also consult the security forum as part of TechNet.
    https://social.technet.Microsoft.com/forums/en-us/home?Forum=w7itprosecurity

    Thank you

  • Get write access to the VI API to allow stopping a server ESXi via Toolkit VI

    Shutdown, APC by 3i

    Referring to the above link and more precisely the following statement ' VMware ESXi 3.5u4 has just been launched and the internal API seems to have been fixed and exposed VI API will have only read-only access when you use the version of ESXi license.

    I did some playing with 3.5u4 ESXi and use the VI Toolkit to connect to the host of 3i. I have been unable to stop the ESXi host as it gives me the error "fault. RestrictedVersion.summary ".

    I understand the question (see this link fault. RestrictedVersion.summary).

    My question is how can I pay for that to work (which agents do I need to buy).

    In my scenario (small client under 15 users), I have a server terminal server in physics and I want to implement SBS on a box of 3i. I want to be able to issue a stop command to the area of 3i of the terminal server using the VI toolkit.

    So I'm able to buy an agent / license to allow write access to the API?

    My first thoughts were:

    • I need to purchase a license to host VirtualCenter for this box of 3i.

    • Then, he would be more free and I was able to 'write' API?

    • I guess on the SBS box, I wouldn't need to install virtual center, just the license service so I got somewhere to point the box of 3i in a location of license

    • VirtualCenter can be provided as a serial number or the host license?

    Any ideas or suggestions?

    I like the VI Toolkit to be able to issue the shutdown command, in turn will stop the VM guest for me.

    At least you need the Foundation license which includes vCenter. Which will give you full access r/w to the VI API, this limited restriction applies only to the free version of ESXi, you are aware of.

    This KB provides details on the type of license required for full access in RCLI: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006543

    =========================================================================

    William Lam

    VMware vExpert 2009

    Scripts for VMware ESX/ESXi and resources at: http://engineering.ucsb.edu/~duonglt/vmware/

    http://Twitter.com/lamw

  • messages when I go to add Bitmoji get please enable full access on the keyboard, Bitmoji is on full access, it's after I've downloaded iOS 10

    When I go to add Bitmoji to iMessage I get please allow full access on the keyboard,

    It is configured to access complete this problem is after I download iOS 10

    This is a known problem, Bitmoji is working on a fix https://twitter.com/Bitmoji/status/775860193360044032
