Solved

PIX Block Traffic infor static NAT doesn't work

Posted on 2009-06-30
2
430 Views
Last Modified: 2012-06-21
Hello

We have a pix, and in this pix we have the following config on interface "outside"

interface Ethernet0
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.240 standby 1.1.1.2

For routing traffic to the an address on the inside i created the following Static NAT
static (GPN,outside) 1.1.1.5 192.168.1.1 netmask 255.255.255.255

All works fine, i can now reach this server on all ports i wish, but i would like to make sure only RDP is allowed to this server, so i created an accesslist

access-list server_acl extended permit tcp any interface outside eq 3389
access-list server_acl extended deny ip any any

And applied this on the outside interface (also tried simmular to the inside interface)
access-group server_acl in interface outside

Now the server is not reachable anymore on any address

Any thoughts on this
0
Comment
Question by:Qore_Networks
2 Comments
 
LVL 5

Accepted Solution

by:
yashinchalad earned 500 total points
ID: 24748159

Apply only this part
access-list server_acl extended permit tcp any host 1.1.1.5 eq 3389
access-group server_acl in interface outside
 
0
 

Author Closing Comment

by:Qore_Networks
ID: 31598367
I see, i was under the assumption that the interface should be guarded, but only the address was enough

Thanx
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco / asa /Nagios 3 15
EIGRP Bandwidth 2 42
Cisco ASA inside & outside to same switch 3 41
SSH over http/https 8 111
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now