open port range

Unanswered Question
Jan 17th, 2008

I have an 1841 with IOS 12.4 connected to an ISP with a single subnet. I am trying to create an access list for IP phone access to a single internal IP on ports:

5566 tcp

5567 udp

6004-7039 udp

I can nat the first two with static entries but I cannot seem to get the port range to work?

Thank you in advance for any help

ebreniz Wed, 01/23/2008 - 09:09

In order to open a certain range of TCP or UDP ports on PIX, use the service object group and define it in an ACL or conduit. Refer to this configuration example:

PIX(config)#object-group service <group-name> tcp

PIX(config-service)#port-object range <1-65535> <1-65535>

PIX(config)#object-group service <group-name> udp

PIX(config-service)#port-object range <1-65535> <1-65535>


Bind the object-groups with access-lists:


PIX(config)#access-list <acl-name> permit tcp any any object-group <group-name>

PIX(config)#access-list <acl-name> permit udp any any object-group <group-name>


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml#serv
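
The object-group approach from the reply above, narrowed to the three port sets listed in the question and to a single destination host instead of `any any`. This is an added example in PIX syntax, not part of the original posts; the group names, the ACL name `outside_in`, the interface names and both addresses (`192.0.2.10` public, `10.0.0.10` internal) are assumptions chosen for illustration.

```cisco
! Constructed example: all names and addresses are placeholders.

! TCP service group: only the single signalling port from the question.
object-group service PHONE_TCP tcp
 port-object eq 5566

! UDP service group: the single port plus the contiguous range.
object-group service PHONE_UDP udp
 port-object eq 5567
 port-object range 6004 7039

! One-to-one translation for the internal phone host (assumed addresses).
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255

! Permit only the listed services, and only to the translated host.
! A rule of the form "permit udp any any" with a 1-65535 range would
! expose every UDP service behind the firewall, not just the phone ports.
access-list outside_in permit tcp any host 192.0.2.10 object-group PHONE_TCP
access-list outside_in permit udp any host 192.0.2.10 object-group PHONE_UDP

! Apply the ACL to inbound traffic on the outside interface.
access-group outside_in in interface outside
```

Anything not matched by the two permit lines falls through to the implicit deny at the end of the ACL, so the one-to-one static translation does not expose other ports on the host.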


