https://community.cisco.com/t5/network-security/pix-501-remote-desktop-or-remote-ftp/m-p/1645125#M591422 <HTML><HEAD></HEAD><BODY><P>Using this as a guide (<A href="https://community.cisco.com/docs/DOC-1972">https://supportforums.cisco.com/docs/DOC-1972</A>), I came up with the commands below: </P><P></P><P></P><P></P><P>static(inside,outside) <PIX outside="" ip=""> <PIX inside="" ip=""> netmask 255.255.255.255</PIX></PIX></P><P>access-list 101 permit tcp any host <PIX inside="" ip=""> 5900</PIX></P><P>access-list 101 permit udp any host <PIX inside="" ip=""> eq 5900</PIX></P><P></P><P></P><P>(Note: I do not have an ASA and I assume I want 5900 because I'm trying to get TightVNC to work and that's the default port for it.)</P><P></P><P></P><P>Would this work as I hope? If so, does it matter where it goes in the config file? And if this is correct, or after someone tweaks it a little, is there any thing else at all that I need to do to be able to VNC (or FTP) in from off-site to my and other computers on the local network?</P><P></P><P>Thanks again.</P></BODY></HTML> Fri, 18 Feb 2011 16:49:00 GMT mfaerber1 2011-02-18T16:49:00Z https://community.cisco.com/t5/network-security/pix-501-remote-desktop-or-remote-ftp/m-p/1645122#M591412 <P>Hello, utter novice here with a very old Sun server behind a Pix 501 (v6.3) running PDM v3.0.</P><P></P><P>I need to access the server files from a remote location but I am overwelmed trying to learn how everything works.</P><P></P><P>It seems that I need to simply either create some new rules or configure the "Easy VPN Remote" section of the PDM.</P><P></P><P>Can anyone please walk me through the PDM so that I can either use remote desktop or FTP from anywhere? Whichever is simpler to explain is fine.</P><P></P><P>Thank you very much.</P> Mon, 11 Mar 2019 19:52:24 GMT https://community.cisco.com/t5/network-security/pix-501-remote-desktop-or-remote-ftp/m-p/1645122#M591412 mfaerber1 2019-03-11T19:52:24Z https://community.cisco.com/t5/network-security/pix-501-remote-desktop-or-remote-ftp/m-p/1645123#M591415 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>To access the inside server remotely you can either use a VPN tunnel or simply use a NAT rule to redirect traffic to it.</P><P></P><P>If you have a public IP on the outside interface of the PIX, you can simply create a Static PAT rule to redirect 3389 to the server and permit it with an ACL.</P><P></P><P>It's been years that I don't touch PDM, but I can show you the commands.</P><P></P><P>Federico.</P></BODY></HTML> Thu, 17 Feb 2011 20:33:25 GMT https://community.cisco.com/t5/network-security/pix-501-remote-desktop-or-remote-ftp/m-p/1645123#M591415 Federico Coto Fajardo 2011-02-17T20:33:25Z https://community.cisco.com/t5/network-security/pix-501-remote-desktop-or-remote-ftp/m-p/1645124#M591418 <HTML><HEAD></HEAD><BODY><P>Thank you very much Federico. I think I see all of the IPs I need in the PDM. I have not yet figured out how to edit the config file within the PDM - I can view it though.</P><P></P><P>If I learn how to do that, I'll try your code if you wouldn't mind. Tell me though, if it matters where in the config file I insert it.</P></BODY></HTML> Thu, 17 Feb 2011 22:56:51 GMT https://community.cisco.com/t5/network-security/pix-501-remote-desktop-or-remote-ftp/m-p/1645124#M591418 mfaerber1 2011-02-17T22:56:51Z https://community.cisco.com/t5/network-security/pix-501-remote-desktop-or-remote-ftp/m-p/1645125#M591422 <HTML><HEAD></HEAD><BODY><P>Using this as a guide (<A href="https://community.cisco.com/docs/DOC-1972">https://supportforums.cisco.com/docs/DOC-1972</A>), I came up with the commands below: </P><P></P><P></P><P></P><P>static(inside,outside) <PIX outside="" ip=""> <PIX inside="" ip=""> netmask 255.255.255.255</PIX></PIX></P><P>access-list 101 permit tcp any host <PIX inside="" ip=""> 5900</PIX></P><P>access-list 101 permit udp any host <PIX inside="" ip=""> eq 5900</PIX></P><P></P><P></P><P>(Note: I do not have an ASA and I assume I want 5900 because I'm trying to get TightVNC to work and that's the default port for it.)</P><P></P><P></P><P>Would this work as I hope? If so, does it matter where it goes in the config file? And if this is correct, or after someone tweaks it a little, is there any thing else at all that I need to do to be able to VNC (or FTP) in from off-site to my and other computers on the local network?</P><P></P><P>Thanks again.</P></BODY></HTML> Fri, 18 Feb 2011 16:49:00 GMT https://community.cisco.com/t5/network-security/pix-501-remote-desktop-or-remote-ftp/m-p/1645125#M591422 mfaerber1 2011-02-18T16:49:00Z https://community.cisco.com/t5/network-security/pix-501-remote-desktop-or-remote-ftp/m-p/1645126#M591427 <HTML><HEAD></HEAD><BODY><P>static(inside,outside) <PIX outside="" ip=""> <PIX inside="" ip=""> netmask 255.255.255.255</PIX></PIX></P><P>access-list 101 permit tcp any host <PIX inside="" ip=""> 5900</PIX></P><P>access-list 101 permit udp any host <PIX inside="" ip=""> eq 5900</PIX></P><P></P><P>The above config is correct.</P><P><PIX outside="" ip=""> is the public IP that you're going to assign to the server</PIX></P><P><PIX inside="" ip=""> is the real inside IP of the server</PIX></P><P></P><P>If you're going to use for <PIX outside="" ip=""> the same IP that is assigned to the PIX outside interface, you need to change the above static command for:</PIX></P><P>static(inside,outside) tcp <PIX outside="" ip=""> 5900 <PIX inside="" ip=""> 5900 netmask 255.255.255.255</PIX></PIX></P><P>static(inside,outside) udp <PIX outside="" ip=""> 5900 <PIX inside="" ip=""> 5900 netmask 255.255.255.255</PIX></PIX></P><P></P><P>You also need to add:</P><P>access-group 101 in interface outside</P><P></P><P>Hope it helps.</P><P><BR />Federico.</P></BODY></HTML> Fri, 18 Feb 2011 19:03:34 GMT https://community.cisco.com/t5/network-security/pix-501-remote-desktop-or-remote-ftp/m-p/1645126#M591427 Federico Coto Fajardo 2011-02-18T19:03:34Z