Guys,
I am having a little bit of a problem with my config and just need someone to help me.
I have console servers behind my PIX, which is connected to a few routers, switches and servers. I am trying to access a console server by telnet and it's not responding; I can ping it from the PIX firewall, but not from the outside host (170). I tried assigning a public IP and connecting directly to the switch where my PIX's outside interface is connected, and it works fine, but the moment I assign a private IP and connect them behind the firewall I can't access them. As you can see, I have configured the static, access-list and access-group. The console servers have a default route pointing to 172.16.2.1. I think I have made a silly mistake and can't figure out what, hence I need an expert's advice.
Can someone please suggest something?
Thanks
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nameif ethernet3 console security40
nameif ethernet4 intf4 security30
nameif ethernet5 intf5 security10
hostname pix
domain-name cisco.com
access-list letmein permit tcp host ***.***.***.170 any eq 5900
access-list letmein permit tcp ***.***.***.136 255.255.255.*** any eq 5900
access-list letmein permit tcp host ***.***.***.170 host ***.***.***.201 eq telnet
access-list letmein permit tcp host ***.***.***.170 host ***.***.***.202 eq telnet
access-list letmein permit tcp host ***.***.***.170 any eq ftp
pager lines 24
logging on
logging timestamp
logging buffered alerts
logging trap debugging
logging facility 16
logging host inside 10.0.0.18
icmp permit any echo outside
icmp permit any echo-reply outside
icmp deny any echo inside
icmp deny any echo-reply inside
icmp deny any echo dmz
icmp deny any echo-reply dmz
icmp permit any echo console
icmp permit any echo-reply console
ip address outside ***.***.***.203 255.255.255.224
ip address inside 10.0.0.1 255.255.255.240
ip address dmz 192.168.1.100 255.255.255.0
ip address console 172.16.2.1 255.255.255.0
global (outside) 1 interface
global (dmz) 1 192.168.1.1-192.168.1.99 netmask 255.255.255.0
nat (inside) 1 10.0.0.0 255.255.255.0 0 0
static (inside,outside) tcp interface 5900 10.0.0.18 5900 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface ftp 10.0.0.18 ftp netmask 255.255.255.255 0 0
static (console,outside) tcp ***.***.***.202 telnet 172.16.2.2 telnet netmask 255.255.255.255 0 0
static (console,outside) tcp ***.***.***.201 telnet 172.16.2.3 telnet netmask 255.255.255.255 0 0
access-group letmein in interface outside
route outside 0.0.0.0 0.0.0.0 ***.***.***.197 1
route inside 10.0.0.0 255.255.255.0 10.0.0.2 1