How to permit PCAnywhere connections through a PIX/ASA Firewall


Wed, 02/09/2011 - 21:22
Jun 18th, 2009

Core issue

In some situations, it may be necessary to permit access to a device through a PIX/ASA Firewall using PCAnywhere. By default, such connections are denied, so you must configure the PIX/ASA to allow PCAnywhere traffic to be permitted from the outside interface to the inside interface.


In most PIX/ASA scenarios, the inside interface and network uses private addressing, while the outside interface and network uses public addressing. Therefore, a static mapping must be created to establish the relationship between the outside and inside addresses. Moreover, an Access Control List (ACL) must define the traffic that is permitted through the PIX/ASA.

PCAnywhere uses ports 5631 (Data port or Transmission Control Protocol [TCP]) and 5632 (Status port or User Datagram Protocol [UDP]) to communicate. Therefore, these ports must be explicitly permitted on the PIX.

Consider the example of a device on the inside interface of the firewall with an IP address of, which is mapped to an external (global) IP address of In this case, traffic destined for arrives at the firewall, is translated to, and is passed to the inside interface.

Based on the above factors, the configuration necessary for this scenario follows:

static(inside,outside) netmask
! --- The static mapping between (outside address) and (inside address).
access-list 101 permit tcp any host eq 5631
! --- Permits TCP traffic to, port 5631.
access-list 101 permit udp any host eq 5632
! --- Permits UDP traffic to, port 5632.
access-group 101 in interface outside
! --- Apply ACL 101 to the outside interface.

To configure the same in PDM refer to Cisco PIX Device Manager 3.0.

Problem Type

Connectivity through the device

How to (General Information)

Product Family

ASA Hardware & Software

Firewall - PIX 500 series

PIX Software Version

PIX version 7.x

PIX version 4.x

PIX version 5.x

PIX version 6.x

PIX Device Manager Software Version


ASA Software Version




PIX Model

PIX 500 Series Firewall

ASA Models

ASA 5500

ASA 5510

ASA 5520

ASA 5540

Features & Tasks

Remote PC access


This Document

Related Content