cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
387
Views
0
Helpful
3
Replies

Pix 506e 6.1(4) and range of udp ports

rogervanstone
Level 1
Level 1

Hi all,

I think i know the answer to this but i will try anyway, i support a pix 506e ver 6.1(4) (yes i know its old), which has been fine for what it needs to do for the last several years. However i now need to open a range of ports to a host on the internal network. I know how to setup a mapping for a small number of ports ( i use access-lists and static in,out) however i cannot see if there is a way to include a range of ports in the static command. Is this possible ?. If not is there another way that could be used. Ive used the range command in the access-list but cannot see how to tie this into a static command. There is no current maintenance on this pix.

I can provide a listing if required. I've done a google for various ideas but nothing comes up apart from the obvious upgrade solution.

3 Replies 3

Ivan Martinon
Level 7
Level 7

Unfortunately, note even upgrading your pix will your be able to tie a range or ports to a single static entry. You will need to use static port mapping for each of the ports on the range.

Thanks for the reply. I'm not sure i fully understand it though. There must be a way of port forwarding a range of ports other than by access-list and static mapping to particular internal hosts. I know pix ver 6.3 has object-groups (?) that can be used. All i want to do is portward a very large number of ports to one particular host (in the order of 10000).

Sorry, I wish I could give you anonther answer, there is no way to do a port forward via a static for a range of ports other than adding each port with the static port map:

http://www.cisco.com/en/US/docs/security/pix/pix61/command/reference/s.html#wp1026694

Your best option would be to just create a one to one translation which will cover all of the ports in the range

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: