
Open UDP Ports 4004 & 4005

robert.l.jones
Level 1

I have been requested to open UDP ports: 4004, 4005, & 5067.

Plus, TCP port 5066.

How would I do this on a PIX515E?

5 Replies

mostiguy
Level 6

Look for an access group statement referencing the outside interface. That will tell you what access-list is bound to the outside interface. That is the access-list you need to edit.

If you do not have access-group or access-list statements, you should look for conduit statements.

What application are those ports for?

This is for an IP based Soft phone for remote users. They connect their PC to their ISP, open a VPN tunnel to my Network, and the destination would be the PBX NIC card IP address. But would the source IP address be the ISP assigned address? Or the internal private IP address assigned by the VPN concentrator?

paddyxdoyle
Level 6

You need to find out the source and destination addresses that require these ports.

e.g. if a host on 1.1.1.1 needs to access these ports on server 2.2.2.2 residing on a DMZ then you would create an access-list as follows

access-list outside permit udp host 1.1.1.1 host 2.2.2.2 eq 4004

access-list outside permit udp host 1.1.1.1 host 2.2.2.2 eq 4005

access-list outside permit udp host 1.1.1.1 host 2.2.2.2 eq 5067

access-list outside permit tcp host 1.1.1.1 host 2.2.2.2 eq 5066

Then you need to apply this access-list to your interface, so assuming you allow these connections to a DMZ from the outside then:

access-group outside in interface outside

I would advise that you find out exactly what these ports are for and why they need to be opened before making any changes. If these ports are to be opened to permit access from the outside (internet facing), then your server should ideally be on a DMZ.

Rgds

Paddy

This is for an IP based Soft phone for remote users. They connect their PC to their ISP, open a VPN tunnel to my Network, and the destination would be the PBX NIC card IP address. But would the source IP address be the ISP assigned address? Or the internal private IP address assigned by the VPN concentrator?

I would hope it's the address assigned by the VPN concentrator. If it was a public address and your users were connecting to multiple different ISPs, then you would have a problem allowing connections in from a multitude of different addresses.

Rgds

Paddy
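
Added example, not part of any reply in this thread: a Python check that follows the steps described above on a saved PIX configuration. It finds the access-list bound to the outside interface, notes whether conduit statements are present, and reports which of the requested ports that access-list permits and from which source. The sample configuration is constructed, and the function names and the `any`-source flag are this example's own assumptions.

```python
import re

# Constructed sample config (not from the thread); 1.1.1.1 / 2.2.2.2 are the thread's placeholders.
SAMPLE_CONFIG = """\
access-list outside permit udp host 1.1.1.1 host 2.2.2.2 eq 4004
access-list outside permit udp host 1.1.1.1 host 2.2.2.2 eq 4005
access-list outside permit udp any host 2.2.2.2 eq 5067
access-list inside_out permit ip any any
access-group outside in interface outside
access-group inside_out in interface inside
"""
# Ports requested in the original question.
REQUESTED = {("udp", 4004), ("udp", 4005), ("udp", 5067), ("tcp", 5066)}

def bound_acl(config, interface="outside"):
    """Return the ACL name bound inbound to the interface, or None."""
    m = re.search(rf"^access-group (\S+) in interface {re.escape(interface)}\s*$", config, re.M)
    return m.group(1) if m else None

def take_addr(tokens):
    """Consume one address spec ('any', 'host A' or 'A MASK'); return (spec, remaining tokens)."""
    if tokens[:1] == ["any"]:
        return "any", tokens[1:]
    return " ".join(tokens[:2]), tokens[2:]

def audit(config, interface="outside", requested=REQUESTED):
    """Report which requested (protocol, port) pairs the bound ACL permits, and from where."""
    acl = bound_acl(config, interface)
    report = {"acl": acl, "uses_conduit": bool(re.search(r"^conduit ", config, re.M)),
              "permitted": {}, "missing": set(requested), "any_source": []}
    if acl is None:  # no access-group for this interface: review conduit statements instead
        return report
    for line in config.splitlines():
        t = line.split()
        if t[:3] != ["access-list", acl, "permit"] or len(t) < 4 or t[3] not in ("tcp", "udp"):
            continue
        proto = t[3]
        src, rest = take_addr(t[4:])
        dst, rest = take_addr(rest)
        if len(rest) == 2 and rest[0] == "eq" and rest[1].isdigit():  # numeric 'eq PORT' only
            key = (proto, int(rest[1]))
            if key in requested:
                report["permitted"][key] = (src, dst)
                report["missing"].discard(key)
                if src == "any":  # open to every source address: worth narrowing
                    report["any_source"].append(key)
    return report
```
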