Telnet access through PIX

[kasser]

Hi all,

I am having some issues setting up a access-list.
I want to be able to give a host outside my firewall access to a server so it can listen on port 1364.

I will be giving the host a public ip of ours to use. This spare public ip i statically mapped to the server. I created the access list on the outside interface to allow the host ip address through.
But when i check with telnet through that port it doesnt work.
I then tried setting up the access list and the static statement but point the static statement to the access-list but this also fails not sure what I am doing wrong, please help???

first attempt:


static (inside, outside) 12.13.14.15 192.168.16.17 netmask 255.255.255.255 0 0
access-list out2in permit tcp host 19.20.21.22 host 12.13.14.15 eq 1364
access-group out2in in interface outside

ALthough I have alot of access-lists assigned to this group would that make a difference?

2nd try:
static (inside, outside) 12.13.14.15 192.168.16.17 netmask 255.255.255.255 0 0 access-list out2in
access-list out2in permit tcp host 19.20.21.22 host 12.13.14.15 eq 1364

Still could not get anywhere? I have tried debugging but cant make heads and tails of the debug packet, not sure which other one to use?

PLEASE HELP?????

 

[NetworkGhost]

If you do a show access-list is the hit counter incrementing? Is the server listening on that port?

netstat -na

http://www.wr-mem.com

 

[GM2005]

static (inside,outside) tcp 12.13.14.15 1364 192.168.16.17 1364 netmask 255.255.255.255 0 0

access-list out2in permit tcp host 19.20.21.22 host 12.13.14.15 eq 1364

nat (inside) 1 0 0
static (outside) 1 interface

access-list out2in in interface outside

wr mem

clear xlate

 

[brianinms]

I am with GM2005, and I believe the step you were missing was "clear xlate