Cisco Pix 501

ciscopaul · ‎10-22-2004

Hi all,

I want to setup Cisco Pix to allow Terminal Service traffic from outside.

Here is what I did:

"access-list outside100 permit tcp any host 63.207.35.51 eq 3389

static (inside,outside) tcp 63.207.35.51 3389 192.168.166.200 3389 netmask 255.255.255.255 0 0

access-group outside100 in interface outside"

when i typed in "wr mem", it gives an error message.

It does not like those commands.

The only thing I can thing off is that I have an existing access-list which is letting FTP traffic in using ip address 63.207.35.50

Can anyone help me with this?

I would really appreciate it.

Paul Hong

ddawson · ‎10-22-2004

What error message do you get? The PIX usually complains about commands it doesn't like when you enter them, not when you try to do a "wr me". I have seen errors in the past about the flash being corrupt (I forget the details - it was a long time ago), but that message also told you the command to run to fix the flash. The other access-list line(s) you have shouldn't be a problem, since the PIX doesn't really do any sanity checking on access-lists except for syntax and consistency checks on address/mask combinations on individual lines.

mbluemel · ‎12-01-2004

Change your config as this. Should be ok then.

access-list outside100 permit tcp any host 63.207.35.51 eq 3389

static (inside,outside)63.207.35.51 192.168.166.200 netmask 255.255.255.255 0 0

access-group outside100 in interface outside.

You dont put the protocols/port numbers in the static command

Hope this helps unless you already got it.