Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
546
Views
5
Helpful
4
Replies

How do I open a port and limit the address range that uses it on PIX 515?

Go to solution
cookie999
Level 1
Level 1

‎10-26-2004 07:43 AM - edited ‎02-20-2020 11:42 PM

I have a Pix 515 v6.3 and a new piece of software that I'm getting soon will need have port 5080 open for inbound & outbound HTTP traffic. The server will be in my DMZ at 10.0.0.1

I would like to restrict inbound access to this port so that it can only be used from 4 specific foreign IP adderess xxx.xxx.xxx.24 thru xxx.xxx.xxx.27 and also,if possible, restrict the destination outbound traffic using this port to a single specific foreign IP adress xxx.xxx.xxx.30.

Could you please advise me of the best way to do this.

Many Thanks in advance from a relative PIX newbie.

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Patrick Iseli
Level 7
Level 7

‎10-26-2004 08:24 AM

PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.24 host MyWWWPublicIP eq 5080

PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.25 host MyWWWPublicIP eq 5080

PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.26 host MyWWWPublicIP eq 5080

PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.27 host MyWWWPublicIP eq 5080

PIX(config)# access-group acl-outside in interface outside

PIX(config)# access-list acl-dmx permit tcp host 10.0.0.1 host xxx.xxx.xxx.30 eq 5080

PIX(config)# access-group acl-dmz in interface dmz

static (inside,outside) MyWWWPublicIP 10.0.0.1 netmask 255.255.255.255 0 0

See also:

PIX 500 Series Firewalls

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Hardware:PIX&s=Software_Configuration

Configuring the PIX Firewall with Mail Server Access on DMZ Network

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008015efa9.shtml

sincerely

Patrick

View solution in original post

4 Replies 4

Go to solution
Patrick Iseli
Level 7
Level 7

‎10-26-2004 08:24 AM

PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.24 host MyWWWPublicIP eq 5080

PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.25 host MyWWWPublicIP eq 5080

PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.26 host MyWWWPublicIP eq 5080

PIX(config)# access-list acl-outside permit tcp host xxx.xxx.xxx.27 host MyWWWPublicIP eq 5080

PIX(config)# access-group acl-outside in interface outside

PIX(config)# access-list acl-dmx permit tcp host 10.0.0.1 host xxx.xxx.xxx.30 eq 5080

PIX(config)# access-group acl-dmz in interface dmz

static (inside,outside) MyWWWPublicIP 10.0.0.1 netmask 255.255.255.255 0 0

See also:

PIX 500 Series Firewalls

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Hardware:PIX&s=Software_Configuration

Configuring the PIX Firewall with Mail Server Access on DMZ Network

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008015efa9.shtml

sincerely

Patrick

Go to solution
cookie999
Level 1
Level 1
In response to Patrick Iseli

‎10-27-2004 12:39 AM

Thanks Patrick, Your help is very much appreciated,

Regards,

Colin

0 Helpful

Go to solution
Patrick Iseli
Level 7
Level 7
In response to cookie999

‎10-27-2004 06:15 AM

Little mistake !!

static (inside,outside) MyWWWPublicIP 10.0.0.1 netmask 255.255.255.255 0 0

should be:

static (dmz,outside) MyWWWPublicIP 10.0.0.1 netmask 255.255.255.255 0 0

As this server is supposed to be in the DMZ isn't it.

sincerely

Patrick

0 Helpful

Go to solution
cookie999
Level 1
Level 1
In response to Patrick Iseli

‎10-27-2004 07:26 AM

Thanks for putting that right.

Regards

Colin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card