Opening port 3389 on a PIX 515E with the PDM

mgarbinski
Level 1

We have just installed a PIX 515E firewall. Can I utilize the PIX Device Manager to open port 3389 for remote access to our terminal server? I see the fixup for other well-known ports, but not for terminal services. How do I go about this configuration?

Thanks!

2 Replies

mvoight
Level 1

Fixup only supports specific protocols for application inspection. Fixup is not required for accessing servers.

Fixup is needed for well known applications such as ftp, when you are not using default ports. For instance, ftp requires 2 connections, the control channel and the data channel. For ftp to work, the PIX has to look at the data part of the packet in order to know how to handle the data connection.

Fixup is documented at

http://www/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278b.html#wp1078381

The applications/protocols that PIX supports for fixup is http://www/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278b.html#wp1063623

For server access, you would generally configure "conduits".

Michael

jmia
Level 7

Hi,

Here is what you need to do to allow access on port 3389. The other post states to use conduits, but conduits are being phased out, so you are better off using ACLs. Don't forget to issue clear xlate and save with write mem.

You are better off doing this via CLI instead of PDM.

access-list outside_intf permit tcp host <outside_intf_ip_addrs> host <outside_ip_addrs_of_pix> eq 3389

access-group outside_intf in interface outside

static (inside,outside) tcp <outside_ip_addrs_of_pix> 3389 <inside_ip_of_rdp_server> 3389 netmask 255.255.255.255 0 0

* Note, the outside_intf_ip_addrs corresponds to who is allowed to connect from the outside (internet).

The outside_ip_addrs_of_pix corresponds to the ip address of your pix outside ip address.

If you only have one public IP address and this address is set up for your PIX outside interface, then you can set the static as follows:

static (inside,outside) tcp interface 3389 3389 netmask 255.255.255.255 0 0

This way you are only allowing that one host (trusted ip address) to connect to the RDP server.

Let me know if this helps or if you require further explanation.

Jay
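The point of the answer above is that the access-list, not the static, is what limits RDP exposure to the one trusted host. The following audit script is an added example, not part of the thread or of Cisco's tooling: it parses access-list and static lines in the PIX 6.x syntax shown above and reports which sources are permitted to reach tcp/3389, flags any permit whose source is "any", and lists the inside server each static exposes. The config text is constructed for the example, with RFC 5737 documentation addresses standing in for the placeholders; the regular expressions cover only the line shapes used in this thread (single hosts and "any").

```python
"""Audit PIX 6.x style access-list / static lines for RDP (tcp/3389) exposure.

Added example, not from the original thread: it checks the kind of config
shown in the answer above. The address values below are constructed
(RFC 5737 documentation ranges), not taken from any real firewall.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the two lines from the answer with made-up addresses,
# plus one deliberately over-broad line (source "any") for the audit to catch.
SAMPLE_CONFIG = """\
access-list outside_intf permit tcp host 203.0.113.10 host 198.51.100.1 eq 3389
access-list outside_intf permit tcp any host 198.51.100.1 eq 3389
access-list outside_intf permit tcp host 203.0.113.11 host 198.51.100.1 eq www
access-group outside_intf in interface outside
static (inside,outside) tcp 198.51.100.1 3389 10.0.0.5 3389 netmask 255.255.255.255 0 0
"""

# Matches: access-list NAME permit|deny PROTO (host A | any) (host B | any) [eq PORT]
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?:host\s+(?P<src>\S+)|(?P<src_any>any))\s+"
    r"(?:host\s+(?P<dst>\S+)|(?P<dst_any>any))"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)
# Matches: static (HIGH,LOW) tcp GLOBAL_ADDR GPORT LOCAL_ADDR LPORT ...
# GLOBAL_ADDR may be the literal word "interface", as in the second static above.
STATIC_RE = re.compile(
    r"^static\s+\((?P<hi>\w+),(?P<lo>\w+)\)\s+tcp\s+(?P<gaddr>\S+)\s+(?P<gport>\S+)\s+"
    r"(?P<laddr>\S+)\s+(?P<lport>\S+)"
)

RDP_PORTS = {"3389"}


@dataclass
class AclEntry:
    name: str
    action: str
    proto: str
    src: str            # "any" or a single host address
    dst: str            # "any" or a single host address
    port: Optional[str]  # None when no "eq PORT" clause is present


def parse_acl(config: str) -> List[AclEntry]:
    """Return one AclEntry per access-list line that the regex understands."""
    entries: List[AclEntry] = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m is None:
            continue
        entries.append(AclEntry(
            name=m["name"], action=m["action"], proto=m["proto"],
            src=m["src"] or "any", dst=m["dst"] or "any", port=m["port"],
        ))
    return entries


def parse_statics(config: str) -> List[Dict[str, str]]:
    """Return the fields of every 'static (hi,lo) tcp ...' line."""
    statics: List[Dict[str, str]] = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m is not None:
            statics.append(m.groupdict())
    return statics


def is_rdp_permit(entry: AclEntry) -> bool:
    return entry.action == "permit" and entry.proto == "tcp" and entry.port in RDP_PORTS


def audit_rdp(config: str) -> Dict[str, List[str]]:
    """Summarise who may reach tcp/3389 and which inside server is exposed."""
    entries = parse_acl(config)
    statics = parse_statics(config)
    trusted = sorted({e.src for e in entries if is_rdp_permit(e) and e.src != "any"})
    open_to_any = [f"{e.name}: tcp/{e.port} to {e.dst} from any"
                   for e in entries if is_rdp_permit(e) and e.src == "any"]
    exposed = [f"{s['laddr']} via {s['gaddr']}:{s['gport']}"
               for s in statics if s["gport"] in RDP_PORTS]
    return {"trusted_sources": trusted, "open_to_any": open_to_any, "exposed_servers": exposed}


if __name__ == "__main__":
    for key, values in audit_rdp(SAMPLE_CONFIG).items():
        print(f"{key}: {values if values else '(none)'}")
```

Run it against a `show running-config` capture (or the lines you are about to paste in) and treat any entry in `open_to_any` as a configuration to fix before `write mem`: with a source of "any", the static makes the terminal server reachable from the whole internet, which is exactly what the single-host access-list in the answer is meant to prevent.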
