Pix 506e 6.1(4) and range of udp ports

Unanswered Question
Feb 12th, 2009

Hi all,

I think i know the answer to this but i will try anyway, i support a pix 506e ver 6.1(4) (yes i know its old), which has been fine for what it needs to do for the last several years. However i now need to open a range of ports to a host on the internal network. I know how to setup a mapping for a small number of ports ( i use access-lists and static in,out) however i cannot see if there is a way to include a range of ports in the static command. Is this possible ?. If not is there another way that could be used. Ive used the range command in the access-list but cannot see how to tie this into a static command. There is no current maintenance on this pix.

I can provide a listing if required. I've done a google for various ideas but nothing comes up apart from the obvious upgrade solution.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ivan Martinon Thu, 02/12/2009 - 09:29

Unfortunately, note even upgrading your pix will your be able to tie a range or ports to a single static entry. You will need to use static port mapping for each of the ports on the range.

rogervanstone Thu, 02/12/2009 - 14:12

Thanks for the reply. I'm not sure i fully understand it though. There must be a way of port forwarding a range of ports other than by access-list and static mapping to particular internal hosts. I know pix ver 6.3 has object-groups (?) that can be used. All i want to do is portward a very large number of ports to one particular host (in the order of 10000).

Actions

This Discussion