How to permit PCAnywhere connections through a PIX/ASA Firewall

Jun 18, 2009 3:52 PM

Core issue

In some situations, it may be necessary to permit PCAnywhere access to a device behind a PIX/ASA Firewall. By default, such connections are denied, so you must configure the PIX/ASA to permit PCAnywhere traffic from the outside interface to the inside interface.

Resolution

In most PIX/ASA scenarios, the inside interface and network use private addressing, while the outside interface and network use public addressing. Therefore, a static mapping must be created to establish the relationship between the outside and inside addresses. In addition, an Access Control List (ACL) must define the traffic that is permitted through the PIX/ASA.

PCAnywhere communicates over TCP port 5631 (the data port) and UDP port 5632 (the status port). Therefore, these ports must be explicitly permitted on the PIX/ASA.

Consider the example of a device on the inside interface of the firewall with an IP address of 10.1.1.10, which is mapped to an external (global) IP address of 151.1.1.8. In this case, traffic destined for 151.1.1.8 arrives at the firewall, is translated to 10.1.1.10, and is passed to the inside interface.

Based on the above factors, the configuration necessary for this scenario follows:

static (inside,outside) 151.1.1.8 10.1.1.10 netmask 255.255.255.255
! --- The static mapping between 151.1.1.8 (outside address) and 10.1.1.10 (inside address).
access-list 101 permit tcp any host 151.1.1.8 eq 5631
! --- Permits TCP traffic to 151.1.1.8, port 5631.
access-list 101 permit udp any host 151.1.1.8 eq 5632
! --- Permits UDP traffic to 151.1.1.8, port 5632.
access-group 101 in interface outside
! --- Apply ACL 101 to the outside interface.

To configure the same in PDM, refer to Cisco PIX Device Manager 3.0.
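An added example, not part of the original document: a Python check that reads configuration text in the form shown above and reports each PCAnywhere permit that is applied to an interface, the inside host it reaches through the static mapping, and whether its source is `any` (every outside address). ACL 102, the 198.51.100.0/24 source and the function name are assumptions made for illustration, and only `host <address> eq <port>` destinations are parsed.

```python
import re

# Constructed sample: the page's configuration plus one hypothetical
# source-restricted ACL (102) that is not bound to any interface.
SAMPLE_CONFIG = """\
static (inside,outside) 151.1.1.8 10.1.1.10 netmask 255.255.255.255
! --- comment lines such as this one are ignored
access-list 101 permit tcp any host 151.1.1.8 eq 5631
access-list 101 permit udp any host 151.1.1.8 eq 5632
access-list 102 permit tcp 198.51.100.0 255.255.255.0 host 151.1.1.8 eq 5631
access-group 101 in interface outside
"""

PCANYWHERE_PORTS = {("tcp", 5631), ("udp", 5632)}  # data and status ports

STATIC_RE = re.compile(r"^static\s*\(\w+,\w+\)\s+(\S+)\s+(\S+)")
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+"
    r"(any|host\s+\S+|\S+\s+\S+)\s+host\s+(\S+)\s+eq\s+(\d+)")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")


def audit_pcanywhere(config):
    """List PCAnywhere permits in ACLs that are applied to an interface."""
    statics, entries, bound = {}, [], {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := STATIC_RE.match(line):
            statics[m.group(1)] = m.group(2)      # global address -> inside address
        elif m := ACL_RE.match(line):
            entries.append(m.groups())
        elif m := GROUP_RE.match(line):
            bound[m.group(1)] = m.group(2)        # ACL name -> interface
    findings = []
    for acl, proto, src, dst, port in entries:
        if (proto, int(port)) not in PCANYWHERE_PORTS or acl not in bound:
            continue                              # other service, or ACL never applied
        findings.append({
            "acl": acl, "interface": bound[acl], "proto": proto, "port": int(port),
            "global": dst, "inside": statics.get(dst),  # None if no static exists
            "source": src, "open_to_any": src == "any",
        })
    return findings


if __name__ == "__main__":
    for f in audit_pcanywhere(SAMPLE_CONFIG):
        print(f)
```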

Problem Type: Connectivity through the device; How to (General Information)
Product Family: ASA Hardware & Software; Firewall - PIX 500 series
PIX Software Version: PIX version 7.x; PIX version 4.x; PIX version 5.x; PIX version 6.x
PIX Device Manager Software Version: 3.0
ASA Software Version: 7.0; 7.1; 7.2
PIX Model: PIX 500 Series Firewall
ASA Models: ASA 5500; ASA 5510; ASA 5520; ASA 5540
Features & Tasks: Remote PC access
