Re: Range of Ports Mapping in PIX515e version 8

rafat0426 · ‎11-28-2010

i am unable to Find Command in PIX515e version 8 to map Range of ports to Range of ports

My Configuration is

object-group service SAP_port udp
port-object range 3200 3299

access-list outside-inside extended permit udp any host 88.85.229.107 range 3200 3299

or

access-list outside-inside extended permit udp any host 88.85.229.107 object-group SAP_port

but i am unable to Find Command For Port mapping.

Could any body Suggest me in this regard.

Kureli Sankar · ‎11-28-2010

PIX - 8.0.x - this is not possible.

You need to do these line by line

static (i,o) tcp interface 80 192.168.1.1 80

and repeat for all the ports.

Howerver, this is possible in 8.3.x. PIX cannot run 8.3 - It has to be an ASA.

 object service FTP_PASV_PORT_RANGE
   service tcp source range 65000 65004
 
 object network HOST_FTP_SERVER
  host 192.168.10.100
 
 nat (Inside,outside) source static HOST_FTP_SERVER interface service
FTP_PASV_PORT_RANGE FTP_PASV_PORT_RANGE


ciscoasa(config)# sh xlate
1 in use, 6 most used
TCP PAT from Inside:HOST_FTP_SERVER 65000-65004 to outside:10.10.10.1
65000-65004 flags sr idle 47:51:27 timeout 0:00:00

-KS

rafat0426 · ‎11-29-2010

Thanks For Your Support,

My pix Version is 8.0(3)

as per your suggestion , i think i need 8.3.x version.

could you please help me to Download this Version.

Kureli Sankar · ‎11-29-2010

Shaik,

As I mentioned earlier PIX cannot run 8.3 - It has to be an ASA.

Is this an ASA or PIX.

If this is ASA then you can download 8.3.x code here:

ASA code: http://tools.cisco.com/squish/10C815

ASDM image : http://tools.cisco.com/squish/a5338C

-KS