Cisco PIX 501

Unanswered Question
Jul 30th, 2007

Hi All,

I am a newbie to Cisco PIX 501. I have recently joined this company, where they have servers at a data center, and they are behind this PIX 501. All the configuration was done by the former sys admin.

Now I have installed AdventNet Application Manager on one of the data center Linux machines; this s/w is used to monitor our clients' servers. Now my development team has installed JBoss on the client's server and they want to monitor this server through the monitoring software.

The network admin at my client's place has allowed full access to my monitoring server's IP, and now it's my turn to give full access to the client's server's IP.

I googled and gave some try to the PIX, but in vain, it didn't work.

I had issued this command to allow full access to the clients IP.

access-list outside_access_in permit tcp any host this is the IP of my monitoring s/w.

Can someone please tell me what other commands are needed to allow full access to all ports to the client's server?

Thanks in Advance.



When properly configured, the PIX Firewall can secure your network from outside threats. The PIX Firewall is not a turn-key system. You have to program it to identify which hosts can access your inside network and which cannot. It is your responsibility to protect your network. The PIX Firewall will not prevent all forms of security threats, but its features provide you with an arsenal of resources to repel network attacks. The PIX Firewall cannot protect your network from inside attackers. To properly protect against these threats, all persons with access to the inside network should be given only the least privilege and access they require to perform their jobs. This access should be reviewed periodically, and updated if necessary.

JohnnyHeavens Wed, 08/29/2007 - 06:59

Posting your config will help people see the rest of what you have going on. Just change/remove any real IPs, password strings first.

acomiskey Wed, 08/29/2007 - 11:57

Allow access to everything by replacing "tcp" with "ip".

access-list outside_access_in permit ip any host

Or for example if you just wanted to allow tcp port 80...

access-list outside_access_in permit tcp any host eq 80
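An added example, not part of the thread and not Cisco tooling: a small Python check that reads PIX `access-list` lines and reports every permit entry on `outside_access_in` whose source is `any`, covering the rule forms quoted in the posts above. The sample config is constructed and its addresses are documentation-range placeholders; only `ip`/`tcp`/`udp` entries with the `any`, `host A` and `A MASK` address forms are assumed.

```python
# Added example: flags broad permit entries in PIX "access-list" lines.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

# Constructed sample; addresses are documentation-range placeholders.
SAMPLE = """\
access-list outside_access_in permit tcp any host 192.0.2.10
access-list outside_access_in permit ip any host 192.0.2.10
access-list outside_access_in permit tcp any host 192.0.2.10 eq 80
access-list outside_access_in permit tcp host 198.51.100.7 host 192.0.2.10 eq 8080
"""

def take_addr(t):
    """Consume 'any', 'host A' or 'A MASK' from the token list."""
    if t[0] == "any":
        return "any", t[1:]
    if t[0] == "host":
        return t[1], t[2:]
    return t[0] + " " + t[1], t[2:]

def take_ports(t):
    """Consume an optional port match such as 'eq 80' or 'range 1 1024'."""
    if t and t[0] in PORT_OPS:
        n = PORT_OPS[t[0]] + 1
        return " ".join(t[:n]), t[n:]
    return None, t

def parse_ace(line):
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        return None
    try:
        src, rest = take_addr(t[4:])
        _, rest = take_ports(rest)          # optional source-port match
        dst, rest = take_addr(rest)
        dport, _ = take_ports(rest)
    except IndexError:                      # truncated entry, e.g. missing address
        return None
    return {"acl": t[1], "action": t[2], "proto": t[3], "src": src, "dst": dst, "dport": dport}

def audit(config, acl="outside_access_in"):
    """Return (line_number, finding) for permit entries with source 'any'."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        ace = parse_ace(line)
        if not ace or ace["acl"] != acl or ace["action"] != "permit" or ace["src"] != "any":
            continue
        if ace["proto"] == "ip":
            findings.append((n, f"all protocols and ports open to any source -> {ace['dst']}"))
        elif ace["dport"] is None:
            findings.append((n, f"every {ace['proto']} port open to any source -> {ace['dst']}"))
        else:
            findings.append((n, f"{ace['proto']} {ace['dport']} open to any source -> {ace['dst']}"))
    return findings
```

Calling `audit(SAMPLE)` reports the first three entries and passes over the fourth, whose source is a single host.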

