Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Can't get UDP port opened!

Unanswered Question
May 22nd, 2006
User Badges:


Have a cable modem, connect my pc in and of course can get a specific UDP port opened. But when i connect my 501, all my ports are shielded, and that of course is good. How do i open UDP XXXXX from outside and in to my network and a specific host?

can't get the access rule to work.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
a.kiprawih Mon, 05/22/2006 - 23:58
User Badges:
  • Gold, 750 points or more


By default, PIX deny any inbound access, except if permitted via ACL.

The rules to allow outside to access inside host/server is to use ACL to allow permitted services for inbound connection, static address mapping of internal server to external/public IP (assigned by ISP) and to have proper routing to external/internet.

In your case, you need to map your internal server, e.g to a public IP, x.x.x.10 using static command, as follow:

static (inside,outside) x.x.x.10 netmask a b

a-maximum connection allowed (optional, default 0)

b-embryonic (half-open) level (optional, default 0)

#Then, open access-list to only allow specific type of TCP/UDP services, e.g DNS (UDP 53), and deny others.

access-list outside permit udp any host x.x.x.10 eq 53

access-list outside deny ip any any

#Bind the ACL to the outside interface:

access-group outside in interface outside

#Define/verify routing:

route outside x.x.x.1

*x.x.x.1 is the IP of the internet gateway

Static Map and Config guide:


*Look under "Using ACLs on PIX Versions 5.0.1 and Later"

PIX Config guide:






This Discussion