Cisco PIX 501

Jul 30th, 2007

Hi All,

I am a newbie to Cisco PIX 501. I have recently joined this company, where they have servers at a data center, and they are behind this PIX501. All the configuration was done by the former sys admin.

Now I have installed Advenet Application Manager on one of the data center Linux machines. This s/w is used to monitor our clients' servers. Now my development team has installed JBoss on the client's server, and they want to monitor this server through the monitoring software.

The network admin at my client's place has allowed full access to my monitoring server's IP, and now it's my turn to give full access to the client's server's IP.

I googled and gave some try to the PIX, but in vain, it didn't work.

I had issued this command to allow full access to the client's IP.

access-list outside_access_in permit tcp any host 202.87.xx.xxx

202.87.xx.xxx this is the IP of my monitoring s/w.

Can someone please tell me what other commands are needed to allow full access to all ports to the client's server?

Thanks in Advance.

Raj.


When properly configured, the PIX Firewall can secure your network from outside threats. The PIX Firewall is not a turn-key system. You have to program it to identify which hosts can access your inside network and which cannot. It is your responsibility to protect your network. The PIX Firewall will not prevent all forms of security threats, but its features provide you with an arsenal of resources to repel network attacks. The PIX Firewall cannot protect your network from inside attackers. To properly protect against these threats, all persons with access to the inside network should be given only the least privilege and access they require to perform their jobs. This access should be reviewed periodically, and updated if necessary.

JohnnyHeavens Wed, 08/29/2007 - 06:59

Posting your config will help people see the rest of what you have going on. Just change/remove any real IPs, password strings first.

acomiskey Wed, 08/29/2007 - 11:57

Allow access to everything by replacing "tcp" with "ip".

access-list outside_access_in permit ip any host 202.87.xx.xxx

Or for example if you just wanted to allow tcp port 80...

access-list outside_access_in permit tcp any host 202.87.xx.xxx eq 80
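
An added example, not part of any post in this thread: a small Python check that reads `access-list ... permit` lines of the forms quoted above (`any`, `host A`, or `A MASK`, with an optional destination `eq PORT`) and reports how broadly each one opens the monitoring host. The address 198.51.100.10 and port 8080 in the last sample line are assumptions standing in for the client's server and its service port.

```python
# Constructed sample: the three ACL lines quoted in the thread plus one
# scoped variant. 198.51.100.10 is a documentation address standing in for
# the client's server; 8080 is an assumed service port.
SAMPLE_ACL = """\
access-list outside_access_in permit tcp any host 202.87.xx.xxx
access-list outside_access_in permit ip any host 202.87.xx.xxx
access-list outside_access_in permit tcp any host 202.87.xx.xxx eq 80
access-list outside_access_in permit tcp host 198.51.100.10 host 202.87.xx.xxx eq 8080
"""


def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return "host " + tokens[1], tokens[2:]
    return tokens[0] + " " + tokens[1], tokens[2:]


def audit_line(line):
    """Return the list of findings for one 'access-list NAME permit' line."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] != "permit":
        return []
    proto = t[3]
    src, rest = _take_addr(t[4:])
    _dst, rest = _take_addr(rest)
    findings = []
    if src == "any":
        findings.append("source is any")
    if proto == "ip":
        findings.append("protocol ip matches all IP traffic")
    elif proto in ("tcp", "udp") and not rest:
        findings.append("no destination port restriction")
    return findings


def audit(config):
    """Audit every non-empty line; returns (line, findings) pairs."""
    return [(l, audit_line(l)) for l in config.splitlines() if l.strip()]


if __name__ == "__main__":
    for line, findings in audit(SAMPLE_ACL):
        print(line, "->", "; ".join(findings) or "scoped")
```

Only the last sample line, which names a single source host and a single destination port, comes back with no findings.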
