307 Views, 5 Helpful, 3 Replies

Opening ports on Pix 515

shawn
Level 1

I'm not familiar with Cisco configuration but need to open firewall ports. Here is what I've done, but not sure if it is correct. Do I need to add more or am I off in left field somewhere?

access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1025
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1289
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1290
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1291

3 Replies

jmia
Level 7

Shawn,

You're not far off. I presume you are allowing access from IP 66.37.xxx.xxx to ports 1025 - 1291 on the outside interface for a specific inside server.

You'll need to bind those ACLs to the outside interface, i.e.

access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1025
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1289
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1290
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1291
access-group ACL_in in interface outside

Also, you'll need to redirect those ports to an inside server listening on those ports using static translations, i.e. (the inside server address is a placeholder here; the PIX `static` port form is global_ip global_port local_ip local_port):

static (inside,outside) tcp 66.37.xxx.xxx 1025 <inside_server_ip> 1025 netmask 255.255.255.255 0 0
...
static (inside,outside) tcp 66.37.xxx.xxx 1291 <inside_server_ip> 1291 netmask 255.255.255.255 0 0

When you have completed the above, save with write mem and also issue the command: clear xlate

Hope this helps.

Jay

Thanks for the info Jay. I'm actually trying to allow any IP that comes to 66.37.xxx.xxx to pass through on ports 1025 & 1289 - 1291 to a server on the inside. Before your reply I had created the following statements but haven't saved them in the config yet:

static (inside,outside) tcp 66.37.xxx.xxx 1025 172.168.xxx.xxx 1025 netmask 255.255.255.255 0 0
static (inside,outside) tcp 66.37.xxx.xxx 1289 172.168.xxx.xxx 1289 netmask 255.255.255.255 0 0
static (inside,outside) tcp 66.37.xxx.xxx 1290 172.168.xxx.xxx 1290 netmask 255.255.255.255 0 0
static (inside,outside) tcp 66.37.xxx.xxx 1291 172.168.xxx.xxx 1291 netmask 255.255.255.255 0 0

Also, I already have the following statement included in the config:

access-group ACL_in in interface outside

Does it look like this will do what I'm hoping for?

Shawn,

Yes, that should work. Remember to issue the command: clear xlate after you've saved the config.

Pls rate all posts if the info provided helps you.

Thanks - Jay
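An added audit check, not part of the thread or any Cisco tooling: it cross-references the three pieces Jay lists (ACL permits, the access-group binding on outside, and one static per port) so a missing piece shows up as a finding before the config is saved. The sample config is constructed, with the masked octets of the posts replaced by placeholder addresses and the static for port 1291 deliberately left out.

```python
import re

# Constructed sample (not the thread's config verbatim): placeholder addresses,
# and the 1291 static omitted so the check has something to report.
SAMPLE_CONFIG = """
access-list ACL_in permit tcp any host 66.37.0.1 eq 1025
access-list ACL_in permit tcp any host 66.37.0.1 eq 1289
access-list ACL_in permit tcp any host 66.37.0.1 eq 1290
access-list ACL_in permit tcp any host 66.37.0.1 eq 1291
access-group ACL_in in interface outside
static (inside,outside) tcp 66.37.0.1 1025 172.168.0.10 1025 netmask 255.255.255.255 0 0
static (inside,outside) tcp 66.37.0.1 1289 172.168.0.10 1289 netmask 255.255.255.255 0 0
static (inside,outside) tcp 66.37.0.1 1290 172.168.0.10 1290 netmask 255.255.255.255 0 0
"""

# Only the line shapes used in this thread (PIX 6.x style) are parsed.
ACL_RE = re.compile(r"^access-list (\S+) permit tcp (\S+) host (\S+) eq (\d+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")
STATIC_RE = re.compile(
    r"^static \(inside,outside\) tcp (\S+) (\d+) (\S+) (\d+) netmask 255\.255\.255\.255")


def audit_pix_port_forwards(config):
    """Return human-readable findings; an empty list means ACL permits,
    the outside binding and the static translations all line up."""
    permits, bindings, statics = [], {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            permits.append((m[1], m[2], m[3], int(m[4])))
        elif m := GROUP_RE.match(line):
            bindings[m[1]] = m[2]
        elif m := STATIC_RE.match(line):
            statics[(m[1], int(m[2]))] = (m[3], int(m[4]))

    findings = []
    # 1. An ACL with permits does nothing until it is applied inbound on outside.
    for acl in sorted({p[0] for p in permits}):
        if bindings.get(acl) != "outside":
            findings.append(f"{acl} has permits but is not applied inbound on outside")
    # 2. A permitted global ip:port with no static has nowhere to go.
    for _, src, gip, port in permits:
        if (gip, port) not in statics:
            findings.append(f"{gip}:{port} permitted from {src} but has no static translation")
    # 3. A static with no permit is a translation nobody can reach (or a leftover).
    permitted = {(gip, port) for _, _, gip, port in permits}
    for (gip, port), (lip, lport) in statics.items():
        if (gip, port) not in permitted:
            findings.append(f"static {gip}:{port} -> {lip}:{lport} has no matching ACL permit")
    return findings
```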
