04-01-2005 07:49 AM - edited 02-21-2020 12:03 AM
I'm not familiar with Cisco configuration but need to open firewall ports. Here is what I've done, but not sure if it is correct. Do I need to add more or am I off in left field somewhere?
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1025
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1289
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1290
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1291
04-01-2005 08:24 AM
Shawn,
You're not far off. I presume you are allowing access from IP 66.37.xxx.xxx to ports 1025 - 1291 on the outside interface for a specific inside server.
You'll need to bind those ACLs to the outside interface i.e.
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1025
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1289
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1290
access-list ACL_in permit tcp any host 66.37.xxx.xxx eq 1291
access-group ACL_in in interface outside
Also, you'll need to re-direct those ports to an inside server listening on those ports using static translations, i.e.
static (inside,outside) tcp 66.37.xxx.xxx 1025
...
...
static (inside,outside) tcp 66.37.xxx.xxx 1291
When you have completed the above, save with write mem and also issue the command: clear xlate
Hope this helps.
Jay
04-01-2005 09:27 AM
Thanks for the info, Jay. I'm actually trying to allow any IP that comes to 66.37.xxx.xxx to pass through on ports 1025 & 1289 - 1291 to a server on the inside. Before your reply I've created the following statements but haven't saved them in the config yet:
static (inside,outside) tcp 66.37.xxx.xxx 1025 172.168.xxx.xxx 1025 netmask 255.255.255.255 0 0
static (inside,outside) tcp 66.37.xxx.xxx 1289 172.168.xxx.xxx 1289 netmask 255.255.255.255 0 0
static (inside,outside) tcp 66.37.xxx.xxx 1290 172.168.xxx.xxx 1290 netmask 255.255.255.255 0 0
static (inside,outside) tcp 66.37.xxx.xxx 1291 172.168.xxx.xxx 1291 netmask 255.255.255.255 0 0
Also, I already have the following statement included in the config:
access-group ACL_in in interface outside
Does it look like this will do what I'm hoping for?
04-03-2005 11:07 PM
Shawn,
Yes, that should work. Remember to issue command: clear xlate after you've saved the config.
Pls rate all posts if the info provided helps you.
Thanks - Jay
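The thread's three pieces (access-list permits, the access-group binding on the outside interface, and the static port redirections) have to agree with each other. The script below is an added example, not part of any post above: it cross-checks them in a saved config and reports mismatches. It only understands the statement forms shown in this thread, and the addresses in the sample are constructed stand-ins for the masked ones.

```python
import re

# Constructed sample config; the permit for port 1291 deliberately has no static.
SAMPLE_CONFIG = """\
access-list ACL_in permit tcp any host 203.0.113.10 eq 1025
access-list ACL_in permit tcp any host 203.0.113.10 eq 1289
access-list ACL_in permit tcp any host 203.0.113.10 eq 1290
access-list ACL_in permit tcp any host 203.0.113.10 eq 1291
access-group ACL_in in interface outside
static (inside,outside) tcp 203.0.113.10 1025 10.0.0.5 1025 netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 1289 10.0.0.5 1289 netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 1290 10.0.0.5 1290 netmask 255.255.255.255 0 0
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+tcp\s+any\s+host\s+(\S+)\s+eq\s+(\d+)\s*$")
STATIC_RE = re.compile(r"^static\s+\(inside,outside\)\s+tcp\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\b")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+outside\s*$")

def audit(config):
    """Return findings where permits, statics and the ACL binding disagree."""
    permits, statics, bound = {}, set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            # ACL name -> set of (outside IP, port) it permits
            permits.setdefault(m.group(1), set()).add((m.group(2), int(m.group(3))))
        elif m := STATIC_RE.match(line):
            # (outside IP, outside port) that is redirected to an inside host
            statics.add((m.group(1), int(m.group(2))))
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))
    findings = []
    for acl, entries in sorted(permits.items()):
        if acl not in bound:
            findings.append(f"{acl}: not bound to the outside interface")
        for ip, port in sorted(entries - statics):
            findings.append(f"{acl}: permit {ip}:{port} has no static translation")
    # Only permits in an ACL that is actually bound let traffic reach a static.
    allowed = {entry for acl in bound for entry in permits.get(acl, ())}
    for ip, port in sorted(statics - allowed):
        findings.append(f"static {ip}:{port} is not permitted by a bound ACL")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```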