Enabling port 3101 for BlackBerry SRP server

willgerrish
Level 1

Hi, I'm trying to enable port 3101 on my PIX firewall. This is the command I'm typing:

"access-list INSIDE permit tcp host 193.109.81.33 eq 3101"

But it's telling me "missing command argument(s)", so obviously I'm missing something out. Could someone please point me in the right direction to sort this out, pls?

Thanks

Will

8 Replies

grant.maynard
Level 4

This question comes up in the forum every week. Read down.

And don't forget a PIX ACL must have a source and destination IP address - where is your source?

Apologies for not reading down.

The source is a server on my internal network trying to access that IP number via that port.

OK, so your ACL entry would be:

access-list INSIDE permit tcp host YOUR_SERVER_IP host 193.109.81.33 eq 3101

Do...

access-list inside permit tcp host host 193.109.81.33 eq 3101

access-group inside in interface inside

Save with - write mem and also issue clear xlate

When I add in this command it stops everyone getting out on to the internet through my ISA server. I ran these commands using the conf t command, so I just reset the firewall and everything was OK after the reset.

By the way, I'm very new to using a PIX firewall, so apologies if I haven't got the terminology correct.

Pls can someone still help me?

Thanks

Can you post your PIX config, take out any sensitive info.

Jay

Here you go, Jay.

Copy all your inside ACLs onto Notepad and edit the ACLs so that you have the required ACL for BES added (see below), add 'no access-list INSIDE' as the first line on your edited ACL configuration (as below).

Now in configuration mode on the PIX, paste back the edited configuration. Your BES server MUST have direct access to the internet.

no access-list INSIDE

access-list INSIDE permit tcp host .1.22 any eq telnet

access-list INSIDE permit udp host .1.21 any eq domain

access-list INSIDE permit tcp host .1.21 any eq telnet

access-list INSIDE permit udp host .1.21 any eq 1604

access-list INSIDE permit tcp host .1.21 any eq citrix-ica

access-list INSIDE permit udp host .1.22 any eq domain

access-list INSIDE permit udp host .1.21 any eq 4000

access-list INSIDE permit tcp host .1.21 any eq 1863

access-list INSIDE permit tcp host .1.21 gt 1023 any gt 1023

access-list INSIDE permit ip .0.0 255.255.0.0 172.17.0.0 255.255.0.0

access-list INSIDE permit ip .0.0 255.255.0.0 .0.0 255.255.0.0

access-list INSIDE permit tcp host .1.28 any eq ftp

access-list INSIDE permit udp host .1.34 any eq domain

access-list INSIDE permit tcp host .1.34 any eq smtp

access-list INSIDE permit tcp host .1.34 any eq www

access-list INSIDE permit tcp host .1.34 any eq https

access-list INSIDE permit tcp host .1.34 any eq ftp

access-list INSIDE permit tcp host .1.21 any eq www

access-list INSIDE permit tcp host .1.21 any eq https

access-list INSIDE permit tcp host .1.21 any eq ftp

access-list INSIDE permit ip .0.0 255.255.0.0 .10.0 255.255.255.0

access-list INSIDE permit tcp host .1.28 any eq www

access-list INSIDE permit tcp host .1.36 any eq smtp

access-list INSIDE permit tcp host .1.25 any eq smtp

access-list INSIDE permit tcp host host 193.109.81.33 eq 3101

access-group INSIDE in interface inside

Save with: write mem and also issue: clear xlate

Jay
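
Added example, not part of the thread: a minimal Python model of first-match ACL evaluation ending in the implicit deny that closes every PIX access list. It shows why the original command is rejected (one of the two addresses is missing) and why binding a one-line ACL to the inside interface blocks all other outbound traffic, which is why the full ACL is pasted back with the BES entry added. The 10.1.1.x addresses and all function names are constructed for illustration; only the `any`, `host IP`, `NET MASK` and numeric `eq PORT` forms are modelled.

```python
import ipaddress

def _take_addr(tok):
    """Pop one address spec (any | host IP | NET MASK) from tok, or raise."""
    try:
        if tok[0] == "any":
            tok.pop(0)
            return ipaddress.ip_network("0.0.0.0/0")
        if tok[0] == "host":
            tok.pop(0)
            return ipaddress.ip_network(tok.pop(0) + "/32")
        net, mask = tok.pop(0), tok.pop(0)
        return ipaddress.ip_network(f"{net}/{mask}")
    except (IndexError, ValueError):
        raise ValueError("missing or invalid source/destination address")

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not an access-list entry")
    name, action, proto, rest = tok[1], tok[2], tok[3], tok[4:]
    src, dst = _take_addr(rest), _take_addr(rest)
    if rest and (len(rest) != 2 or rest[0] != "eq" or not rest[1].isdigit()):
        raise ValueError("only a numeric 'eq PORT' is modelled here")
    return name, action, proto, src, dst, int(rest[1]) if rest else None

def evaluate(acl, name, proto, src_ip, dst_ip, dst_port):
    """First matching entry wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl:
        n, action, p, s, d, port = parse_ace(line)
        if n == name and p in (proto, "ip") and src in s and dst in d \
                and port in (None, dst_port):
            return action
    return "deny (implicit)"

# Constructed sample data: 10.1.1.x addresses are placeholders, not from the thread.
BES = "10.1.1.50"
ONE_LINE = [f"access-list inside permit tcp host {BES} host 193.109.81.33 eq 3101"]
FULL = ["access-list INSIDE permit tcp host 10.1.1.21 any eq 80"] + \
       [l.replace("inside", "INSIDE") for l in ONE_LINE]

if __name__ == "__main__":
    print(evaluate(ONE_LINE, "inside", "tcp", BES, "193.109.81.33", 3101))  # BES flow
    print(evaluate(ONE_LINE, "inside", "tcp", "10.1.1.21", "198.51.100.7", 80))  # web
    print(evaluate(FULL, "INSIDE", "tcp", "10.1.1.21", "198.51.100.7", 80))
```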