I've tried searching on EE for this answer, but because I'm not that much of a PIX expert (I only understand IOS syntax and basic firewall rules) I couldn't really solve my problem. So, if the answer is blatantly already available, try not to flame me too much...
I've got a client with a PIX that has a bunch of web servers in the DMZ with existing policies to allow smtp and web traffic to those servers. However, they have a box on the LAN they'd like to open full access to for a very short period of time and I can't seem to figure out how to write it into the config. Based on all the configs that were already on the system, I tried to do the following:
static (inside, outside) 65.xx.aa.bb 192.168.ff.gg netmask 255.255.255.255
Then for the actual policy:
access-list outside_access_in permit tcp host [ip of origin client] host 65.xx.aa.bb eq telnet
We had the remote user try telnet and it didn't work; I also found out they needed access for a few hours to a million other ports, so I tried changing the policy to:
access-list outside_access_in permit tcp any (in case they weren't originating from the IP they thought they were) host 65.xx.aa.bb
And this still didn't work so here I am. Anyone see what I'm doing wrong?