In some situations, it may be necessary to permit access to a device through a PIX/ASA Firewall using PCAnywhere. By default, such connections are denied, so you must configure the PIX/ASA to permit PCAnywhere traffic from the outside interface to the inside interface.
In most PIX/ASA scenarios, the inside interface and network use private addressing, while the outside interface and network use public addressing. Therefore, a static mapping must be created to establish the relationship between the outside and inside addresses. Moreover, an Access Control List (ACL) must define the traffic that is permitted through the PIX/ASA.
PCAnywhere communicates over Transmission Control Protocol (TCP) port 5631 (the data port) and User Datagram Protocol (UDP) port 5632 (the status port). Therefore, these ports must be explicitly permitted on the PIX.
Consider the example of a device on the inside interface of the firewall with an IP address of 10.1.1.10, which is mapped to an external (global) IP address of 188.8.131.52. In this case, traffic destined for 188.8.131.52 arrives at the firewall, is translated to 10.1.1.10, and is passed to the inside interface.
Based on the above factors, the configuration necessary for this scenario follows:
static (inside,outside) 188.8.131.52 10.1.1.10 netmask 255.255.255.255
! --- The static mapping between 188.8.131.52 (outside address) and 10.1.1.10 (inside address).
access-list 101 permit tcp any host 188.8.131.52 eq 5631
! --- Permits TCP traffic to 188.8.131.52, port 5631.
access-list 101 permit udp any host 188.8.131.52 eq 5632
! --- Permits UDP traffic to 188.8.131.52, port 5632.
access-group 101 in interface outside
! --- Apply ACL 101 to the outside interface.
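The three parts of this configuration only work together if the ACL destination is the static's global address and the ACL is bound inbound on the outside interface. The following Python check is an added example, not part of the original document or any Cisco tool: it parses a pasted configuration, verifies that consistency, and reports entries whose source is `any`. The function name `audit`, the sample text, and the restriction to `host <ip> eq <port>` entries are assumptions of this example.

```python
import re

# Constructed sample mirroring the page's scenario (not taken from a real device).
SAMPLE = """\
static (inside,outside) 188.8.131.52 10.1.1.10 netmask 255.255.255.255
access-list 101 permit tcp any host 188.8.131.52 eq 5631
access-list 101 permit udp any host 188.8.131.52 eq 5632
access-group 101 in interface outside
"""

REQUIRED = {("tcp", 5631), ("udp", 5632)}  # PCAnywhere data and status ports

STATIC_RE = re.compile(r"^static\s*\((\w+),(\w+)\)\s+(\S+)\s+(\S+)")
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+"
                    r"(any|host\s+\S+|\S+\s+\S+)\s+host\s+(\S+)\s+eq\s+(\d+)")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")


def audit(config, inside_host, outside_if="outside"):
    """Return findings for the static/ACL/access-group trio (hypothetical helper)."""
    statics, aces, groups = [], [], {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            statics.append(m.groups())          # (real_if, mapped_if, global, local)
        elif m := ACE_RE.match(line):
            acl, proto, src, dst, port = m.groups()
            aces.append((acl, proto, src, dst, int(port)))
        elif m := GROUP_RE.match(line):
            groups[m.group(2)] = m.group(1)      # interface -> ACL name
    global_ip = next((g for _, _, g, local in statics if local == inside_host), None)
    if global_ip is None:
        return [f"no static mapping for {inside_host}"]
    acl = groups.get(outside_if)
    if acl is None:
        return [f"no access-group bound inbound on {outside_if}"]
    mine = [a for a in aces if a[0] == acl and (a[1], a[4]) in REQUIRED]
    permitted = {(p, port) for _, p, _, dst, port in mine if dst == global_ip}
    findings = [f"ACL {acl} does not permit {p}/{port} to {global_ip}"
                for p, port in sorted(REQUIRED - permitted)]
    for _, p, src, dst, port in mine:
        if dst != global_ip:
            findings.append(f"ACL {acl} {p}/{port} targets {dst}, not global {global_ip}")
        elif src == "any":
            findings.append(f"{p}/{port} to {global_ip} is open to any source")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "10.1.1.10"):
        print(finding)
```

Run against the configuration above, it reports both ports as open to any source; replacing `any` with the remote operator's address clears the findings.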