Allow outside access to the subnet to an internal host.
Sorry Pix beginner,
I have a server on my network with a 192.168.1.10 address. I need to allow the 123.45/16 network to access the server with only 10 open port.
Should I NAT an address to my internal server, giving it an audience, then only open port 22? Or is there a better way? If I do it this way, how can I say only for the inside network and the rest of the world?
That's what I thought, but didn't know how to add access to this specific network:
static (inside,outside) public_ip internal_server_ip netmask 255.255.255.255 0 0
access-list acl_out permit tcp any host public_ip eq 22
Can I replace the any part of the host with 123.45.0.0 255.255.255.0?
Thanks for any help...
Hello bchyka,
Your static data and ACL seem ok... If you want to access from 123.45/16 network on the public server, you can replace the ACL as
access-list acl_out permit tcp 123.45.0.0 255.255.0.0 host public_ip eq 22
Otherwise, your Setup program should work fine for traffic to port 22...
I hope this helps... all the best... the rate of responses if deemed useful...
REDA
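An added example, not part of the original posts: a small Python check of how the source field of the ACL entry above changes who can reach port 22, comparing `any`, the 255.255.255.0 mask from the question and the 255.255.0.0 mask from the answer. The public address 203.0.113.10 and the sample source addresses are constructed placeholders, and the parser covers only this one entry shape.

```python
import ipaddress

# Constructed entries in the thread's PIX syntax; 203.0.113.10 is a
# documentation-range placeholder for public_ip (assumption, not from the page).
ACL_ANY = "access-list acl_out permit tcp any host 203.0.113.10 eq 22"
ACL_24 = "access-list acl_out permit tcp 123.45.0.0 255.255.255.0 host 203.0.113.10 eq 22"
ACL_16 = "access-list acl_out permit tcp 123.45.0.0 255.255.0.0 host 203.0.113.10 eq 22"
# Constructed source addresses: two inside 123.45/16, one unrelated.
SAMPLES = ["123.45.0.7", "123.45.200.9", "198.51.100.20"]


def parse_ace(line):
    """Parse 'access-list NAME ACTION tcp SRC host DST eq PORT' (this subset only)."""
    tok = line.split()
    if len(tok) < 9 or tok[0] != "access-list" or tok[3] != "tcp":
        raise ValueError("unsupported entry: " + line)
    action, rest = tok[2], tok[4:]
    if rest[0] == "any":
        src, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
    elif rest[0] == "host":
        src, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
    else:  # "network netmask" form, e.g. 123.45.0.0 255.255.0.0
        src, rest = ipaddress.ip_network(rest[0] + "/" + rest[1]), rest[2:]
    if len(rest) != 4 or rest[0] != "host" or rest[2] != "eq":
        raise ValueError("unsupported destination: " + line)
    return action, src, ipaddress.ip_address(rest[1]), int(rest[3])


def allowed(acl_lines, src_ip, dst_ip, port):
    """First matching entry decides; no match falls to the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        action, net, host, eq = parse_ace(line)
        if src in net and dst == host and port == eq:
            return action == "permit"
    return False


def report(acl_line, port=22):
    """Verdict for each constructed sample source against one ACL entry."""
    return [allowed([acl_line], s, "203.0.113.10", port) for s in SAMPLES]


if __name__ == "__main__":
    for name, acl in (("any", ACL_ANY), ("/24 mask", ACL_24), ("/16 mask", ACL_16)):
        print(f"{name:9}", dict(zip(SAMPLES, report(acl))))
```

With the 255.255.255.0 mask only 123.45.0.x sources match, so most of the /16 would be dropped by the implicit deny.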
Similar Questions
-
How to configure windows 7 pc to allow full access to the xp pc.
How to configure windows 7 pc to allow full access to the xp pc. Both PCs have been configured for full sharing. Windows 7 pc has full access to the xp pc. However, on xp pc, all readers of windows FP7 can be seen, but access not authorized expect public folders.
Any suggestions welcome
Search in the sharing folder entries in a procedure step by step for the creation of a network of Ethernet cable of two computers between Windows 7 and Windows XP with ICS
You will be able to share files in C:\Users but Windows 7 has special protection on the folder root the C:\ drive and others.
-
with the accession of cloud creative as well as all my photos online, can I allow others access to the view my photos?
Please check the latter:
Store and share content with Adobe Creative active Cloud | Tutorials Adobe Creative Cloud
Adobe Lightroom for FAQ mobile
Adobe Creative Cloud desktop application: Questions and answers
In the case still pending, please contact support for this: Support from Adobe
Concerning
Stéphane
-
How to allow another access to the computer through firewall
How to enable another computer game access my firewall
Hi Roy,
If you are using Windows Firewall, the last item in this article shows you how to open a port in the firewall to allow access: http://windows.microsoft.com/en-us/windows7/Firewall-frequently-asked-questions.
For more information, see the following: http://technet.microsoft.com/en-us/library/cc722062(WS.10).aspx.
It may be more than just the firewall. You need to allow remote access (in control panel / system / remote settings / Remote Access) and Remote Desktop (same place, but just below).
Here is an article on the remote desktop for Vista: http://windows.microsoft.com/en-US/windows-vista/Remote-Desktop-Connection-frequently-asked-questions (because I do not know your operating system - you can perform a search Bing for office remotely for your operating system to find something similar).
I hope this helps.
Good luck!
-
The VPN Clients need access to the subnet on another router
Hello
We have a PIX 515E, PIX Version 8.0(2)
We have two subnet 10.1.x.x/16 and 10.2.x.x/16
The firewall is on 10.1.x.x and vpn clients can access this subnet.
The firewall can ping 10.2.x.y where x is a server in the other subnet.
On the 10.2.x.x customers out the firewall.
The problem is that vpn clients cannot access the server of 10.2.x.y even if the pix can ping 10.2.x.y and the road for him.
What I need to check that the vpn rules are correct in the pix 515e?
I think it is a rule of exemption nat or something like that not exactly sure.
Everything would be a great help.
Thank you
Hello
For clients VPN access to these subnets, check the following:
1. NAT exemption includes these subnets (if not using NAT)... it's the NAT0 ACL command
2. These subnets are included in the split tunneling
3. These subnets have a route to the PIX to send traffic to the VPN client pool.
4. There are no ACLs applied to the inside interface of the PIX that deny this communication.
Federico.
-
Allow specific access through the Interfaces ASA 5510
Hi all
In my quest to learn Cisco IOS and devices, I need help in smoothing traffic, or access lists, allowing traffic between internal interfaces on the ASA specifically.
I have an ASA 5510:
WAN/LAN/DMZ ports labeled E0/0 (LAN), E0/1 (WAN), E0/2 (DMZ).
Connected to the port E0/0 is a 2811 router
Connected to the port E0/1 is the (external) Internet
Connected to the port E0/2 is a 2821
(I'll add a 3745 for VOIP) port E0/3, but it has not yet happened.
I want to allow traffic between the 2821 and the 2811 routers so that devices on the networks behind them can talk to each other.
I've specified specific subnets between the ASA and the routers because I want to learn how to shape traffic behind routers, as well as on the ASA. So behind the routers I have different VLANS, but I'm not restrict access between them, still, at least I don't think I am. But as it is, behind the 2821 devices cannot access the DNS / DOMAIN SERVER that is located behind the 2811. Right now I have the routers DHCP power, who works there. Currently devices behind the router 2821-3560 switch cannot access the domain server, primary dns server.
How can I set the ASA to allow traffic to flow between the two routers and their VLANS?
Here's the configs of each device and I have also included my switch configs, incase something should be set on them. I only removed the passwords and the parts of the external IP address. I appreciate the help in which States to create and on which devices.
I think it is best that I put the links to the files of text here.
Thank you!
You must remove the following statements on the two routers:
-# ip nat inside source... overload
-for each interface, # ip nat inside/outside, if they are configured.
Remove RIP advertisements of the networks that are not directly connected:
-2821: 172.16.0.0, 192.168.1.0, 199.195.xxx.0
-2811: 199.195.xxx.0
-ASA: 128.0.0.0
No route should be added to the routers, since there is the default one, set to the ASA.
Check the routing tables on the routers and the ASA.
On ASA:
-Remove:
# object-group network PAT-SOURCE
# nat (inside,outside) after-auto source dynamic PAT-SOURCE interface
-Create objects of the networks behind the LAN router and enable dynamic NAT:
# object network
# subnet
# nat (inside,outside) dynamic interface
-Review remaining NAT rules.
-Set/adjust the ingress access lists on the interfaces. Do not forget to allow RIP on the LAN and DMZ interfaces.
-Disable RIP on the outside interface.
-
Windows XP security does not allow me access to the browser or the internet
I'm having a problem with XP Security that keeps popping up almost continuously and prevents me from doing anything , without ordering the software. It also shows that I have 26 virus, but an another separate scanning with a newly installed anti-virus [Ioio] program stated that 5 and were all deleted/purged.
I have been using FireFox as my browser and still cannot access Yahoo homepage - impossible to go to the post office or anything else. Pop up warnings keep coming and display 'Windows XP Security' is still waiting for me to buy their program - and I can not change anything on this menu at all since it keeps redirecting me to the purchase. I can't get FireFox or even Internet Explorer since it shows a terrible message and does not allow me to circumvent it.
What can I do to get rid of this problem? I had to use using another computer to communicate with you and don't know what to do to solve this problem. This same message/problem seems to resurface every year and made it for 2-3 years. I resorted to an online, remote help to alleviate the problem in the past, and it still costs a lot of money to solve. How can I FIX?
See if that helps.
http://www.bleepingcomputer.com/virus-removal/remove-total-security
-
E8350 in Bridge mode allow me access to the router with 192.168.1.1
I have a small home network with the E8350 (AC2400) and a PK5001A of Qwest ActionTec modem. I needed to put the router in Bridge mode to enable NAT in the modem works properly. By simply disabling the NAT in the E8350, the network broke. Once I placed the E8350 in bridge mode, I lost connectivity via 192.168.1.1. The network seems to work correctly, I can't access the router remotely. Is this normal or is it a different setting I'm missing?
When you have done this, you probably have a new ip address of the primary router. See what she is looking at the main router connections or by manually adjusting it 192.168.1.2 or some other ip that is in your network. If the primary router uses a different subnet as 192.168.0.x, then you must use an IP also in this same range.
-
using apple tv to stream xfinity wifi
The Apple tv needs Internet - wifi or Ethernet. Access normally means places that they have agreements with wifi (i.e. from Starbucks, McDonald's etc.). But you will need a connection Internet for the Apple TV work from your home. Although some use the hotspot on their phone. You need a speed of ISP at 8mbps for HD streaming on iTunes or netflix requires only 5 for HD (due to compression).
short answer is that you must get xfinity as your ISP not only access hotspot...
-
Allow unrestricted access of the comments?
I have an EA4500 wireless router. Here as a guest to the internet access without requiring a password. Is this possible and if so, how? I know how to set the password for comments, but it won't let me value it is empty.
Unfortunately, it is not possible.
To accomplish what you want to do, you can buy an extra router, it cascading LAN to WAN and enable the isolation of the AP.
-
Allow remote access to the VPN Cisco ASDM
Hello
I am trying to access asdm Setup for the user remote vpn. Our ASA is running version 9.1(1). ASDM is running version 7.1(1)52
I have apart from the interface within the interface enabled for vpn tunnel and I use 3rd interface (asdm_inf) dedicated to this purpose.
In the asdm, I enabled the management to asdm_inf interface. In the section ASDM, HTTPS, Telnet, SSH, I also add ASDM/HTTPS(port 444) for asdm_inf, ip_address 0.0.0.0 mask 0.0.0.0.
However, when I connect to the vpn client and try https://asdm_inf:444, the connection is broken with timeout.
Where could I go wrong? Any help would be appreciated.
Thank you
Hello
Well, split tunnel is incorrect, you are tunneling to 172.16.66.0/24, while your BFD which you want to manage the ASDM to is 192.168.244.0/24, so the ACL split tunnel should also include the 192.168.244.0/24 network.
-
I have mcafee - and xp said I was infected
Hello
Your system is infected with the virus, update your Mcafee and run a full scan of the system in safe mode. You can also try to download Anti-malware http://www.malwarebytes.org/ and scan your system in safe mode.
To start your computer in safe mode, you must press the F8 key before the windows screen is loaded (time between the BIOS screen disappears and before you get the windows screen).
Once you get your system clean everything in safe mode, restart your computer, should be all good.
I hope this helps.
-
Hi all
In collaboration with a client who wishes to have a cell phone can be used by the staff and management at his restaurant. He wants management to an unrestricted administrator account, but wants the staff to have a user account restricted, such that they can only use web browsers to navigate to three specific sites. Have done the research on this for hours now and can't seem to find a solution to what should be a simple problem. All proposed software costs money, which the owner is not interested. Any help?
Hello
Thanks for the reply.
I'm sorry for the late reply.
I appreciate your patience.
I hope that you will soon have the resolution of the issue of the TechNet forums.
However, you can also consult the security forum as part of TechNet.
https://social.technet.Microsoft.com/forums/en-us/home?Forum=w7itprosecurity
Thank you
-
Get write access to the VI API to allow stopping a server ESXi via Toolkit VI
Referring to the above link and more precisely the following statement ' VMware ESXi 3.5u4 has just been launched and the internal API seems to have been fixed and exposed VI API will have only read-only access when you use the version of ESXi license.
I did some playing with 3.5u4 ESXi and use the VI Toolkit to connect to the host of 3i. I have been unable to stop the ESXi host as it gives me the error "fault.RestrictedVersion.summary".
I understand the question (see this link fault.RestrictedVersion.summary).
My question is how can I pay for that to work (which agents do I need to buy).
In my scenario (small client under 15 users), I have a server terminal server in physics and I want to implement SBS on a box of 3i. I want to be able to issue a stop command to the area of 3i of the terminal server using the VI toolkit.
So I'm able to buy an agent / license to allow write access to the API?
My first thoughts were:
I need to purchase a license to host VirtualCenter for this box of 3i.
Then, he would be more free and I was able to 'write' API?
I guess on the SBS box, I wouldn't need to install virtual center, just the license service so I got somewhere to point the box of 3i in a location of license
VirtualCenter can be provided as a serial number or the host license?
Any ideas or suggestions?
I like the VI Toolkit to be able to issue the shutdown command, in turn will stop the VM guest for me.
At least you need the Foundation license which includes vCenter. Which will give you full access r/w to the VI API, this limited restriction applies only to the free version of ESXi, you are aware of.
This KB provides details on the type of license required for full access in RCLI: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006543
=========================================================================
William Lam
VMware vExpert 2009
Scripts for VMware ESX/ESXi and resources at: http://engineering.ucsb.edu/~duonglt/vmware/
-
When I go to add Bitmoji to iMessage I get please allow full access on the keyboard,
It is configured to access complete this problem is after I download is 10
This is a known problem, Bitmoji is working on a fix https://twitter.com/Bitmoji/status/775860193360044032