security in PIX 525

fajarkusmelia
Level 1

Dear all,

I want to open all ports for outbound traffic and open all ports for inbound traffic in my PIX 525.

So I use these commands:

access-list 1 permit any any

access-list 2 deny any any

access-group 2 in interface outside

access-group 1 in interface inside

Is it correct?


CSCO10490349
Level 1

You must use

access-list 1 permit ip any any

access-list 2 deny ip any any

and the

icmp permit any echo-reply outside

to enable ICMP traffic.

Due to the Adaptive Security Algorithm (ASA), by default the PIX only lets through traffic that originates from the inside, so outside traffic won't be allowed unless specified (like the need for a DMZ with publicly available servers).

Tor

pkapoor
Level 3

*******************************************

"I want to open all ports for outbond traffic and open all ports for inbond traffic in my PIX 525."

*******************************************

To OPEN all ports for inbound traffic and OPEN all ports for outbound traffic... remove the PIX.

pkapoor
Level 3

Now, if you want to OPEN all outbound and CLOSE all inbound, then you really do not have to configure ACLs. The PIX's ASA does it statefully.

However, for ping to work, you will have to open ICMP echo-reply on the outside interface.

You MAY have some issues with FTP traffic, depending on what kind of FTP you are using and where your FTP server and client are located. As such, if you run into issues with FTP, then you may need to open all ports in the high range.
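A complete PIX 6.x configuration for the case pkapoor describes (everything out, nothing unsolicited in, ping from inside still working), assembled here as an added example rather than taken from any post in the thread; the ACL names "outbound"/"inbound" and the interface names inside/outside are assumptions.

```cisco
! Added example, not from any post in this thread. PIX 6.x syntax.
! ACL names (outbound/inbound) and interface names (inside/outside) assumed.

! Outbound: anything from the inside may leave. An applied ACL ends in an
! implicit deny, so no second entry is needed on this interface.
access-list outbound permit ip any any
access-group outbound in interface inside

! Inbound: the ASA already allows the return half of inside-initiated
! TCP/UDP flows, but without "fixup protocol icmp" (PIX 6.3 and later)
! ICMP is not tracked statefully, so echo-replies to inside hosts must be
! permitted explicitly. ACLs are evaluated top down: the permits MUST sit
! above the catch-all deny, or the OP's "deny ip any any" drops them too.
access-list inbound permit icmp any any echo-reply
access-list inbound permit icmp any any unreachable
access-list inbound permit icmp any any time-exceeded
access-list inbound deny ip any any
access-group inbound in interface outside

! The "icmp" command only governs ICMP that terminates ON the PIX
! interface itself (pinging the firewall's outside address); it does not
! permit ICMP through the firewall, which is what the ACL above does.
icmp permit any echo-reply outside

! FTP: the default "fixup protocol ftp 21" opens the data channel for
! inside clients dynamically, so the high port range need not be opened.
fixup protocol ftp 21

! For comparison, the lines from the original post:
!   access-list 1 permit any any   <- rejected: the protocol keyword (ip,
!                                     tcp, udp, icmp) is required
!   access-list 2 deny ip any any  <- applied on outside with nothing
!                                     above it, this blocks echo-replies
```

The deny entry on the outside interface only makes the implicit deny visible in "show access-list" hit counts; removing it changes nothing except the counters.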
