https://community.cisco.com/t5/network-security/how-to-enable-a-port-on-a-pix-firewall/m-p/600687#M499847 <HTML><HEAD></HEAD><BODY><P>My inside ACL is called inside. </P><P>Is this correct? im typing</P><P>access-list inside permit tcp host x.x.x.x eq 3101</P><P>x=my BB server's IP address</P><P>Like i said im very new to cisco so apologise if im asking a very simple question.</P><P></P><P>thanks</P></BODY></HTML> Thu, 29 Jun 2006 12:32:24 GMT willgerrish 2006-06-29T12:32:24Z https://community.cisco.com/t5/network-security/how-to-enable-a-port-on-a-pix-firewall/m-p/600684#M499844 <P>hi,</P><P></P><P>im a newbie to using a pix firewall and i would like someone to help point me in the right direction? I need to enable port 3101 for my blackberry server. I have the enable password for the pix firewall but a bit stuck with where to go now. Tired using PDM to config the ports.</P><P></P><P>Any Help would be great.</P><P></P><P>Thanks</P> Fri, 21 Feb 2020 09:00:54 GMT https://community.cisco.com/t5/network-security/how-to-enable-a-port-on-a-pix-firewall/m-p/600684#M499844 willgerrish 2020-02-21T09:00:54Z https://community.cisco.com/t5/network-security/how-to-enable-a-port-on-a-pix-firewall/m-p/600685#M499845 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>In order to allow traffic from higher-security zone to a lower-security zone, you need to have 2 things configured:</P><P></P><P>1- Static translation for your server as follows:</P><P></P><P>static (dmz,outside) x.x.x.x y.y.y.y netmask 255.255.255.255</P><P></P><P>where x.x.x.x is the public IP which you want to reach the server through and y.y.y.y is the IP of your blackberry server.</P><P></P><P>2- ACL to allow traffic to the server:</P><P>access-list out_access_in permit tcp any host x.x.x.x eq 3101</P><P></P><P>Finally, dont forget to enable the acl on your outisde interface through this command:</P><P></P><P>access-group out_access_in in interface outside</P><P></P><P>Good Luck,</P><P>Haitham</P></BODY></HTML> Thu, 29 Jun 2006 10:48:09 GMT https://community.cisco.com/t5/network-security/how-to-enable-a-port-on-a-pix-firewall/m-p/600685#M499845 haithamnofal 2006-06-29T10:48:09Z https://community.cisco.com/t5/network-security/how-to-enable-a-port-on-a-pix-firewall/m-p/600686#M499846 <HTML><HEAD></HEAD><BODY><P>In my experience you only need to allow your BB server to get to the internet, you do not need to allow the internet BB to get to you. So I don't think you need a static NAT for the server, you could use "nat" and "global" instead, and you need to look at the ACL on the inside.</P><P></P><P>Somthing like:</P><P>nat (inside) 1 0.0.0.0 0.0.0.0 0 100</P><P>global (outside) 1 interface</P><P>access-list in_inside permit tcp host your_BB_IP host internet_BB_IP eq 3101</P><P></P><P>do "show acess-group" first to see what the inside ACL (if any) is called.</P></BODY></HTML> Thu, 29 Jun 2006 10:54:02 GMT https://community.cisco.com/t5/network-security/how-to-enable-a-port-on-a-pix-firewall/m-p/600686#M499846 grant.maynard 2006-06-29T10:54:02Z https://community.cisco.com/t5/network-security/how-to-enable-a-port-on-a-pix-firewall/m-p/600687#M499847 <HTML><HEAD></HEAD><BODY><P>My inside ACL is called inside. </P><P>Is this correct? im typing</P><P>access-list inside permit tcp host x.x.x.x eq 3101</P><P>x=my BB server's IP address</P><P>Like i said im very new to cisco so apologise if im asking a very simple question.</P><P></P><P>thanks</P></BODY></HTML> Thu, 29 Jun 2006 12:32:24 GMT https://community.cisco.com/t5/network-security/how-to-enable-a-port-on-a-pix-firewall/m-p/600687#M499847 willgerrish 2006-06-29T12:32:24Z