Still trying to have users on an outside LAN (10.1.1.x) browse or use telnet services via PAT to an inside LAN (192.168.1.x). So a user browsing 'http://10.1.1.5:50000' would reach the web server on port 80 at 192.168.1.50.
Here are the current rules. I've put in comments as the way I understand these rules to work.
--- PIX 501 V6.2(2) ---
# this is my outside LAN from which I'm trying to access
# specific host from using PAT overloading
ip address outside 10.1.1.5 255.255.255.0
# and this is the inside LAN
ip address inside 192.168.1.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
# I want users on the outside to browse host 192.168.1.5
# using a URI like http://10.1.1.5:50000
static (inside,outside) tcp interface 50000 192.168.1.50 www netmask 255.255.255.255 0 0
# ... and the same for telnet
static (inside,outside) tcp interface 50001 192.168.1.50 telnet netmask 255.255.255.255 0 0
# added this as told so that outside host 10.1.1.30
# could talk to the PIX 501, not really clear to me
# why though.
access-list out2in permit tcp host 10.1.1.30 host 10.1.1.5 eq 50000
access-group out2in in interface outside
--- Just more info ---
# show static
outside 10.1.1.0 255.255.255.0 10.1.1.5 1 CONNECT static
inside 192.168.1.0 255.255.255.0 192.168.1.1 1 CONNECT static
While trying to add either of these ...
access-list out2in permit tcp any interface outside eq 50000
results in "ERROR: invalid IP address interface"
access-list out2in permit tcp any outside eq 50000
results in "ERROR: invalid IP address outside"
Am I missing anything? Any help much appreciated.
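An added example, not part of the original post: a small audit that cross-checks each static PAT entry in the configuration above against the access-list bound to the mapped interface, and reports which outside sources are permitted to reach each published port. The function name `audit` and the regular expressions are hypothetical helpers; only `host`/`any` addresses and `eq <port>` matches are handled, and ports are compared as literal strings.

```python
import re

# Constructed sample: the relevant lines from the configuration posted above.
CONFIG = """\
ip address outside 10.1.1.5 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
static (inside,outside) tcp interface 50000 192.168.1.50 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 50001 192.168.1.50 telnet netmask 255.255.255.255 0 0
access-list out2in permit tcp host 10.1.1.30 host 10.1.1.5 eq 50000
access-group out2in in interface outside
"""

IFADDR_RE = re.compile(r"^ip address (\S+) (\S+) \S+")
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
ACL_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) (any|host \S+) (any|host \S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit(config):
    """Return (global_port, real_host, real_port, sources) per static PAT entry.
    sources lists the ACL sources permitted to reach the published port;
    an empty list means no permit entry covers that port."""
    lines = [l.strip() for l in config.splitlines()]
    if_addr = {m[1]: m[2] for l in lines if (m := IFADDR_RE.match(l))}
    bound = {m[2]: m[1] for l in lines if (m := GROUP_RE.match(l))}  # iface -> ACL
    acls = [m.groups() for l in lines if (m := ACL_RE.match(l))]
    rows = []
    for l in lines:
        m = STATIC_RE.match(l)
        if not m:
            continue
        real_if, mapped_if, proto, gaddr, gport, rhost, rport = m.groups()
        # "interface" stands for the mapped interface's own address.
        if gaddr == "interface":
            gaddr = if_addr.get(mapped_if, gaddr)
        sources = [src for name, p, src, dst, port in acls
                   if name == bound.get(mapped_if) and p == proto
                   and dst in ("any", "host " + gaddr) and port == gport]
        rows.append((gport, rhost, rport, sources))
    return rows

if __name__ == "__main__":
    for gport, rhost, rport, sources in audit(CONFIG):
        allowed = ", ".join(sources) or "no permit entry"
        print(f"outside:{gport} -> {rhost}:{rport}  allowed from: {allowed}")
```
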