01-07-2002 12:16 PM - edited 02-20-2020 09:56 PM
Hello,
Bear with me on a question that many should know.
I want to allow any access to tcp port 3782 from the outside to any inside.
I have a PIX 501.
Would I use the command that follows?
conduit permit tcp any eq 3782 any
Thank you,
Mark
01-07-2002 01:33 PM
To pass from a low security interface (outside) to a high security interface (inside) you should have a STATIC statement for each host inside your network. CONDUIT & STATIC are an inseparable pair of commands. This means you must have one public address mapped to each internal address. It's completely insecure. You should never have a direct path from outside to inside. In your case, you talk about as many paths as inside hosts. Don't do that.
Look for something else.
Regards
Ben
01-07-2002 01:56 PM
What I am trying to do is allow my internal IP to be a server for a software program called "Roger Wilco" and allow others outside to connect to me inside.
It's a freeware voice over IP program.
Any ideas how I can do this as securely as possible would be appreciated.
01-07-2002 03:50 PM
Mark...
The earlier person is more or less correct...
Translation has to happen before you can permit traffic to your inside server...What makes your single conduit statement insecure is the fact that you don't state the destination IP address...
So do a static from the inside IP address to an outside IP address (this allows the PIX to act on behalf of your server). Then permit that port to that outside address only...That's very acceptable.
C-
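The approach described in the last reply, written out as an added example (not configuration posted by anyone in the thread). The addresses are placeholders chosen for illustration: 192.168.1.10 stands for the inside Roger Wilco host and 192.0.2.10 for the outside address mapped to it. Lines starting with `!---` are annotations, not commands.

```text
!--- Form from the original question: the destination is "any", so the
!--- port is opened toward every inside host that has a translation.
conduit permit tcp any eq 3782 any

!--- Scoped form: map one inside host to one outside address ...
static (inside,outside) 192.0.2.10 192.168.1.10 netmask 255.255.255.255

!--- ... then permit tcp/3782 to that outside address only.
!--- In a conduit the first address is the global (translated) side,
!--- the second is the foreign (outside source) side.
conduit permit tcp host 192.0.2.10 eq 3782 any

!--- After changing a static, clear existing translations and review
!--- what is actually exposed.
clear xlate
show static
show conduit
```

If the people connecting come from known addresses, replacing the trailing `any` with those source hosts or networks narrows the exposure further.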