10-22-2004 09:38 AM - edited 02-20-2020 11:42 PM
Hi all,
I want to setup Cisco Pix to allow Terminal Service traffic from outside.
Here is what I did:
"access-list outside100 permit tcp any host 63.207.35.51 eq 3389
static (inside,outside) tcp 63.207.35.51 3389 192.168.166.200 3389 netmask 255.255.255.255 0 0
access-group outside100 in interface outside"
when i typed in "wr mem", it gives an error message.
It does not like those commands.
The only thing I can thing off is that I have an existing access-list which is letting FTP traffic in using ip address 63.207.35.50
Can anyone help me with this?
I would really appreciate it.
Paul Hong
10-22-2004 09:44 AM
What error message do you get? The PIX usually complains about commands it doesn't like when you enter them, not when you try to do a "wr me". I have seen errors in the past about the flash being corrupt (I forget the details - it was a long time ago), but that message also told you the command to run to fix the flash. The other access-list line(s) you have shouldn't be a problem, since the PIX doesn't really do any sanity checking on access-lists except for syntax and consistency checks on address/mask combinations on individual lines.
12-01-2004 04:17 AM
Change your config as this. Should be ok then.
access-list outside100 permit tcp any host 63.207.35.51 eq 3389
static (inside,outside)63.207.35.51 192.168.166.200 netmask 255.255.255.255 0 0
access-group outside100 in interface outside.
You dont put the protocols/port numbers in the static command
Hope this helps unless you already got it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide