host to host communication in PIX 7.1(1)

Unanswered Question
Aug 11th, 2007


Attached is my sample network security setup. My network is actually a closed network which is not connected to the outside world, but we are attached to a number of untrusted networks. My requirement is to provide the connection based on host-to-host communication.

In this regard I am facing the problem with the PIX Firewall.

If I issue the command

access-list 101 extended permit tcp host host eq 6002

(I am using the as a static NAT address for the address)

then the communication didn't go through the firewall, but if I issue the command

access-list 101 extended permit tcp any host eq 6002

then everything works fine and communication is done without any issue.

The PIX Firewall version I am using is 7.1(1).

Please keep in mind that I have used only one as a sample; the same applies for the other untrusted hosts. I am facing the same problem.

Thanks in advance for the answer.


froggy3132000 Sat, 08/11/2007 - 17:42

Since you are static NATting, you need to allow traffic to the pre-NAT'd IP (host visible to other hosts).

What is the source address of the host that will initiate the traffic to on port 6002?

Mansoor Hafeez Sun, 08/12/2007 - 01:44

The source address that will always initiate the traffic for is
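
An added example, not part of the thread: a host-to-host rule for a statically NATted server on PIX 7.x, followed by the checks that show which source address really reaches the firewall when the host rule does not match but the `any` rule does. All addresses are constructed documentation addresses, and the interface names and the `CAP6002`/`cap6002` names are assumptions.

```cisco
! Constructed addresses (RFC 1918 / RFC 5737), not taken from the thread:
!   10.1.1.10      real address of the inside server
!   192.0.2.10     static NAT (mapped) address seen by the untrusted network
!   198.51.100.20  the one untrusted host allowed to connect
! Interface names "inside" and "outside" are assumptions.

! Configuration mode: the static translation for the server.
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255

! Host-to-host rule: the destination is the mapped address,
! the source is a single permitted host.
access-list 101 extended permit tcp host 198.51.100.20 host 192.0.2.10 eq 6002
access-group 101 in interface outside

! Privileged EXEC: if the hit count on the host rule stays at zero,
! the packets are arriving with a different source address.
show access-list 101

! Capture port 6002 traffic on the outside interface to read the real
! source address, then correct the host rule instead of keeping "any".
access-list CAP6002 extended permit tcp any host 192.0.2.10 eq 6002
capture cap6002 access-list CAP6002 interface outside
show capture cap6002
no capture cap6002
```

A source address in the capture that differs from the one written in the ACL usually means the untrusted host is being translated somewhere upstream, and the rule should name the address the firewall actually sees.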

