Pix 501 remote desktop or remote FTP?

mfaerber1
Level 1

Hello, utter novice here with a very old Sun server behind a Pix 501 (v6.3) running PDM v3.0.

I need to access the server files from a remote location but I am overwhelmed trying to learn how everything works.

It seems that I need to simply either create some new rules or configure the "Easy VPN Remote" section of the PDM.

Can anyone please walk me through the PDM so that I can either use remote desktop or FTP from anywhere? Whichever is simpler to explain is fine.

Thank you very much.

4 Replies

Hi,

To access the inside server remotely you can either use a VPN tunnel or simply use a NAT rule to redirect traffic to it.

If you have a public IP on the outside interface of the PIX, you can simply create a Static PAT rule to redirect 3389 to the server and permit it with an ACL.

It's been years since I last touched PDM, but I can show you the commands.

Federico.

Thank you very much Federico. I think I see all of the IPs I need in the PDM. I have not yet figured out how to edit the config file within the PDM - I can view it though.

If I learn how to do that, I'll try your code if you wouldn't mind. Tell me though, if it matters where in the config file I insert it.

mfaerber1
Level 1

Using this as a guide (https://supportforums.cisco.com/docs/DOC-1972), I came up with the commands below:

static(inside,outside) netmask 255.255.255.255

access-list 101 permit tcp any host 5900

access-list 101 permit udp any host eq 5900

(Note: I do not have an ASA and I assume I want 5900 because I'm trying to get TightVNC to work and that's the default port for it.)

Would this work as I hope? If so, does it matter where it goes in the config file? And if this is correct, or after someone tweaks it a little, is there anything else at all that I need to do to be able to VNC (or FTP) in from off-site to my and other computers on the local network?

Thanks again.

static(inside,outside) netmask 255.255.255.255

access-list 101 permit tcp any host 5900

access-list 101 permit udp any host eq 5900

The above config is correct.

is the public IP that you're going to assign to the server

is the real inside IP of the server

If you're going to use for the same IP that is assigned to the PIX outside interface, you need to change the above static command for:

static(inside,outside) tcp 5900 5900 netmask 255.255.255.255

static(inside,outside) udp 5900 5900 netmask 255.255.255.255

You also need to add:

access-group 101 in interface outside

Hope it helps.


Federico.
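
A consistency check for the three pieces this thread ends up with (static translation, access-list entry, access-group binding), added here as an example and not written by either poster. The addresses are constructed documentation ranges, the function name `audit` is hypothetical, and the check also flags entries whose source is `any`.

```python
import re

# Constructed sample config (documentation addresses, not taken from the thread).
SAMPLE = """\
static (inside,outside) tcp 192.0.2.10 5900 10.0.0.5 5900 netmask 255.255.255.255
access-list 101 permit tcp any host 192.0.2.10 eq 5900
access-list 101 permit tcp host 198.51.100.7 host 192.0.2.10 eq 3389
access-group 101 in interface outside
"""

# PIX 6.3 port-redirection static: proto, global IP, global port, local IP, local port.
# Assumption: the global address is written out; the "interface" keyword is not resolved.
STATIC_PAT = re.compile(
    r"^static\s*\(inside,outside\)\s+(tcp|udp)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)")
ACL = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+(any|host\s+\S+)\s+host\s+(\S+)\s+eq\s+(\d+)")
GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+outside")


def audit(config):
    """Return one finding per permit entry: is it translated, bound, open to any?"""
    statics, acls, bound = [], [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_PAT.match(line):
            statics.append((m[1], m[2], int(m[3])))
        elif m := ACL.match(line):
            acls.append((m[1], m[2], m[3], m[4], int(m[5])))
        elif m := GROUP.match(line):
            bound.add(m[1])
    findings = []
    for acl_id, proto, src, dst, port in acls:
        findings.append({
            "port": port,
            "proto": proto,
            "source": src,
            # A permit entry does nothing without a matching static translation.
            "has_static": (proto, dst, port) in statics,
            # The ACL is not evaluated until access-group binds it to outside.
            "acl_bound": acl_id in bound,
            # Source "any" exposes the service to every host on the Internet.
            "open_to_any": src == "any",
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```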
