open port range

Unanswered Question
Jan 17th, 2008

I have an 1841 with IOS 12.4 connected to an isp with a single subnet - I am trying to create and access list for IP phone access to a single internal IP on ports:

5566 tcp

5567 udp

6004-7039 udp

I can nat the first two with static entries but I cannot seem to get the port range to work?

Thank you in advance for any help

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ebreniz Wed, 01/23/2008 - 09:09

In order to open certain range of TCP or UDP ports on PIX, use the service object group and define it in an ACL or conduit. Refer to this configuration example:

PIX (config)#object-group service tcp

PIX(config-service)#port-object range <1-65535>

PIX (config)#object-group service udp

PIX(config-service)#port-object range <1-65535>

Bind the object-groups with access-lists:

PIX (config)#access-list permit tcp any any object-group

PIX (config)#access-list permit udp any any object-group

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml#serv

Actions

This Discussion