https://community.cisco.com/t5/network-security/pix-special-port-forwarding/m-p/77372#M655453 <HTML><HEAD></HEAD><BODY><P>If I understand you correct you are trying to give access to a terminal Server that is protected by/behind a PIX Firewall ??</P><P></P><P>I believe that GUI's are fine for simple tasks buit in you case you'll just have to get "knee-deep" and learn the CLI !!</P><P></P><P>What you want to do, that is if I understood you correct is to open up for port 3389 to this particular server. This can be done in the following fashion</P><P></P><P>a) assign a static outside IP address for the W2K server which will be used to translate to it's real inside address</P><P></P><P>static (inside,outside) 193.76.88.15 10.1.1.1 netmask 255.255.255.255</P><P></P><P>b) allow (only) port 3389 to pass on this connnection</P><P></P><P>conduit permit tcp host 193.76.88.15 eq 3389 any</P><P></P><P>That should do it, assuming that the W2k box does not require any other open ports. Nevertheless, this, in my (paranoid) opinion, would be to compromise a good firewall as best practice is to *NEVER* to have any port open from the outside to the inside, but that a whole new thred we would have to open just for that discussion.... </P><P></P><P>Good luck</P><P>- Goran</P><P></P></BODY></HTML> Wed, 15 May 2002 06:20:30 GMT gradosavljevic 2002-05-15T06:20:30Z https://community.cisco.com/t5/network-security/pix-special-port-forwarding/m-p/77371#M655450 <P>Hi All, </P><P></P><P>I put this thread in the remote access area as well because of the port I am having trouble forwarding through the PIX.</P><P></P><P>What I'm trying to do is forward port 3389 (windows terminal services) to a W2k server. I tried using access list settings in the GUI for this to no avail and I'm not familiar enough with PIX CLI to accomplish this yet. </P><P></P><P>Thanks, </P><P></P><P>Josh </P><P></P> Fri, 21 Feb 2020 06:03:36 GMT https://community.cisco.com/t5/network-security/pix-special-port-forwarding/m-p/77371#M655450 j.way 2020-02-21T06:03:36Z https://community.cisco.com/t5/network-security/pix-special-port-forwarding/m-p/77372#M655453 <HTML><HEAD></HEAD><BODY><P>If I understand you correct you are trying to give access to a terminal Server that is protected by/behind a PIX Firewall ??</P><P></P><P>I believe that GUI's are fine for simple tasks buit in you case you'll just have to get "knee-deep" and learn the CLI !!</P><P></P><P>What you want to do, that is if I understood you correct is to open up for port 3389 to this particular server. This can be done in the following fashion</P><P></P><P>a) assign a static outside IP address for the W2K server which will be used to translate to it's real inside address</P><P></P><P>static (inside,outside) 193.76.88.15 10.1.1.1 netmask 255.255.255.255</P><P></P><P>b) allow (only) port 3389 to pass on this connnection</P><P></P><P>conduit permit tcp host 193.76.88.15 eq 3389 any</P><P></P><P>That should do it, assuming that the W2k box does not require any other open ports. Nevertheless, this, in my (paranoid) opinion, would be to compromise a good firewall as best practice is to *NEVER* to have any port open from the outside to the inside, but that a whole new thred we would have to open just for that discussion.... </P><P></P><P>Good luck</P><P>- Goran</P><P></P></BODY></HTML> Wed, 15 May 2002 06:20:30 GMT https://community.cisco.com/t5/network-security/pix-special-port-forwarding/m-p/77372#M655453 gradosavljevic 2002-05-15T06:20:30Z https://community.cisco.com/t5/network-security/pix-special-port-forwarding/m-p/77373#M655456 <HTML><HEAD></HEAD><BODY><P></P><P></P><P>Thanks a bunch Goran. I think that'll do it. I am somewhat familiar with the CLI. However, conduit commands are still a bit shaky... The funny thing about this one is that I was just told to replace the PIX with a NetScreen 5xp because that is what the client was expecting. Well, I guess I'll go ahead and stick it before our corporate LAN in which our MS guys use the W2k TS anyway.</P><P></P><P>Best regards,</P><P></P><P>Josh</P></BODY></HTML> Wed, 15 May 2002 23:02:12 GMT https://community.cisco.com/t5/network-security/pix-special-port-forwarding/m-p/77373#M655456 j.way 2002-05-15T23:02:12Z