Cisco forwarding port does not

Dear experts, I have a production firewall (Cisco PIX 515E 6.3(1)) and I have set it up to allow access from the outside to a server (SSH only).

The server is 10.0.5.200.

External IP is a.b.c.d. (Should I use the IP address of the FW outside interface?)

Here's the sanitized output:

PIX Version 6.3(1)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 auto
interface ethernet3 100full
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 provider interieure4
nameif ethernet3 dmz security99
nameif ethernet4 intf4 security8
nameif ethernet5 intf5 security10
enable password XXXXXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXXXXXXX encrypted
access-list outside_access_in permit ip any any
access-list outside_access_in permit icmp any any
access-list DMZ_access_in permit icmp any any
ip address outside a.b.c.d 255.255.255.240
ip address inside 10.0.1.254 255.255.255.0
ip address provider X.X.X.X 255.255.255.0
ip address dmz X.X.X.X 255.255.255.0
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list sheep
nat (inside) 1 10.0.1.0 255.255.255.0 0 0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
ntp server 192.43.244.18 source outside prefer
ntp server 128.102.16.2 source outside
http server enable

Those in bold are the commands that I added:

static (inside,outside) tcp a.b.c.d 2022 10.0.5.200 ssh netmask 255.255.255.255 0 0
access-list 100 permit tcp any host a.b.c.d eq 2022
access-list 101 permit tcp host 10.0.5.200 eq 22 any
access-group 100 in interface outside
access-group 101 in interface inside

When accessing from the WAN, I used PuTTY to SSH to IP a.b.c.d on port 2022, and it gave me timeouts. I used:

capture capo access-list 100 interface outside

The results were (from what I can remember, as I am not on site):

My WAN IP-> a.b.c.d (R)

My WAN IP-> a.b.c.d (S)

My WAN IP-> a.b.c.d (S)

My WAN IP-> a.b.c.d (S)

Access to the server on the internal LAN is fine, and I can access port 22 on the server from the local network. (Note: there is an L3 switch in the environment, and the inside IP segments are 10.0.1.0/24 and 10.0.5.0/24, both routable.)

This is what I have done so far, and I would like more ideas on the issue I am currently facing. Thanks!

Hello

The static PAT (port forward) configuration seemed correct to me.

If you use the IP address of the 'outside' interface, you would generally configure the parameter "interface", and not the IP address.

static (inside,outside) tcp interface 2022 10.0.5.200 22 netmask 255.255.255.255

Of course, if you can/want to spare a public IP address for this server only, you could configure static NAT:

static (inside,outside) <public IP> 10.0.5.200 netmask 255.255.255.255

That would essentially bind those 2 IP addresses, and you can allow the services that are needed for the current server. Naturally, you will also need to allow traffic in the external ACL to the new public IP address.

But it should also work with your configuration. Whether you want to use the interface IP address or a separate public IP is up to you.

If you are missing the 'route' to the 10.0.5.0/24 subnet in your PIX configuration, then that is an obvious reason why the server is inaccessible from the Internet. So, I would start by adding the necessary 'route' and retest. If that does not help, then it would be good to verify that the routing between the server and the PIX is fine. For example, that the PIX has a route to the server, and that the server has a default route that takes traffic to the PIX.

Hope this helps

-Jouni
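
The routing check suggested in the answer above, as an added example that is not part of the original thread: a small Python audit that flags any static whose real host is neither on a connected network nor covered by a route on that interface. The sample lines are constructed from the question's configuration; 203.0.113.10 (standing in for a.b.c.d) and the next hop 10.0.1.1 (standing in for the L3 switch) are assumptions.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the configuration in the question,
# with a.b.c.d replaced by the documentation address 203.0.113.10 so it parses.
CONFIG_AS_POSTED = """\
ip address outside 203.0.113.10 255.255.255.240
ip address inside 10.0.1.254 255.255.255.0
static (inside,outside) tcp 203.0.113.10 2022 10.0.5.200 ssh netmask 255.255.255.255 0 0
"""

# Assumption: 10.0.1.1 stands in for the L3 switch's address on 10.0.1.0/24.
CONFIG_WITH_ROUTE = CONFIG_AS_POSTED + "route inside 10.0.5.0 255.255.255.0 10.0.1.1 1\n"

# static (real_if,mapped_if) tcp|udp mapped mapped_port real real_port netmask ...
# static (real_if,mapped_if) mapped real netmask ...
STATIC_RE = re.compile(
    r"^static \((\w+),\s*\w+\) (?:(?:tcp|udp) \S+ \S+ (\S+) \S+|\S+ (\S+)) netmask"
)


def unreachable_static_hosts(config):
    """Return (interface, real_ip) for each static whose real host lies outside
    every network the PIX knows on that interface (connected or routed)."""
    known = {}    # interface name -> list of networks reachable through it
    statics = []  # (real interface, real host address)
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) == 5:
            # Connected network derived from the interface address and mask.
            net = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}").network
            known.setdefault(tok[2], []).append(net)
        elif tok[:1] == ["route"] and len(tok) >= 5:
            net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}")
            known.setdefault(tok[1], []).append(net)
        else:
            m = STATIC_RE.match(line)
            if m:
                statics.append((m.group(1), ipaddress.ip_address(m.group(2) or m.group(3))))
    return [(ifc, str(ip)) for ifc, ip in statics
            if not any(ip in net for net in known.get(ifc, []))]


if __name__ == "__main__":
    print("as posted: ", unreachable_static_hosts(CONFIG_AS_POSTED))
    print("with route:", unreachable_static_hosts(CONFIG_WITH_ROUTE))
```

The check only covers the PIX side; the return path from the server (its default route towards the PIX via the L3 switch) still has to be verified on the server and switch.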
