Allow NFS from a DMZ to Inside through a PIX

Oct 20th, 2008

Hello,

While trying to allow NFS access from a DMZ host to an Inside NFS server, I got the "% Invalid Hostname" message when configuring the access rule.

That happens when I add "eq nfs" to the ACL.

It's regarding HA 515E PIX firewalls, with context configuration and PIX version 7.2(4).

Any help will be appreciated.

Thank you for your collaboration and best regards.

husycisco Mon, 10/20/2008 - 08:06

Hello Pascal,

Most probably, you are missing something or you have a typo in the ACE. Here is an example:


access-list dmz_access_in permit tcp host 172.16.10.1 host 192.168.20.1 eq nfs

If it doesn't work, please post the full text you type for the ACL.


Regards

PASCAL DECK Mon, 10/20/2008 - 22:29

Hello Huseyin,

Thanks for the reply.

Of course I checked that the command is correct.

I also introduced the access rule by using ASDM, with the same result.

Here are the outputs:


PROD(config)# access-list DMZ-PUBLIC_access_in_V1 line 19 extended permit tcp host 172.16.10.1 host 192.168.20.1 eq nfs log 6 interval 300


access-list DMZ-PUBLIC_access_in_V1 line 19 extended permit tcp host 172.16.10.1 host 192.168.20.1 eq nfs log 6 interval 300

^

ERROR: % Invalid Hostname


Afterwards I tried with the port number 2049 instead of the keyword "nfs" and all is working fine.


That means the access rule has to be entered in CLI mode with the port number 2049 instead of the keyword "nfs". Afterwards, in ASDM, the rule is displayed with the "nfs" keyword.


It's OK now. Thank you for your collaboration and best regards.


