11-08-2004 08:55 PM - edited 02-20-2020 11:44 PM
Dear all,
I want to open all ports for outbound traffic and open all ports for inbound traffic in my PIX 525.
So I use this command :
access-list 1 permit any any
access-list 2 deny any any
access-group 2 in interface outside
access-group 1 in interface inside
Is it correct?
11-08-2004 10:57 PM
You must use
access-list 1 permit ip any any
access-list 2 deny ip any any
and the
ICMP permit any echo-reply outside
to enable ICMP traffic
Due to the Adaptive Security Algorithm (ASA), by default the PIX only lets through traffic that originates from the inside, so outside traffic won't be allowed unless specified (like the need for a DMZ with publicly available servers)
Tor
11-09-2004 09:58 AM
*******************************************
"I want to open all ports for outbound traffic and open all ports for inbound traffic in my PIX 525."
*******************************************
To OPEN all ports for inbound traffic and OPEN all ports for outbound traffic......remove the PIX.
11-09-2004 10:00 AM
Now, if you want to OPEN all outbound and CLOSE all inbound, then you really do not have to configure ACLs. The PIX's ASA does it statefully.
However, for ping to work, you will have to open ICMP echo-reply on the outside interface.
You MAY have some issues with FTP traffic, depending on what kind of FTP you are using and where your FTP server and client are located. As such, if you run into issues with FTP, then you may need to open all ports in the high range.
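The configuration the replies above converge on, written out as an added example (not posted by any participant in this thread). It assumes PIX OS 6.x syntax; the ACL name outside_in is hypothetical.

```cisco
! Constructed example for PIX OS 6.x. The ACL name "outside_in" is an
! assumption; interface names inside/outside are the ones used in the thread.

! Outbound: no ACL is applied to the inside interface. Traffic from the
! higher-security interface (inside) to the lower one (outside) is permitted
! statefully, and return packets for those connections are let back in.
! Lines such as "access-list 1 permit ip any any" are therefore not needed.

! Inbound: nothing is opened except the replies to pings sent from inside.
! ICMP is not tracked like TCP/UDP connections, so echo-reply needs an
! explicit entry. Every ACL ends with an implicit deny, so all other
! inbound traffic from outside stays blocked.
access-list outside_in permit icmp any any echo-reply
access-group outside_in in interface outside

! Note: "icmp permit any echo-reply outside" controls ICMP addressed to the
! PIX's own outside interface; the ACL above covers replies passing through
! the PIX to inside hosts.

! FTP: with the FTP fixup active, the PIX reads the control channel on
! port 21 and opens the negotiated data port dynamically, which avoids
! opening the whole high port range. It is normally on by default and is
! listed here so its absence is noticed if it was removed.
fixup protocol ftp 21
```

`show access-list outside_in` displays hit counts per entry, which confirms whether the echo-reply line is matching.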