
Allow NFS from a DMZ to Inside through a PIX

PASCAL DECK
Level 1

Hello,

Trying to allow NFS access from a DMZ host to an Inside NFS Server, I got "% Invalid Hostname" Message when configuring Access Rule.

That happens when I add "eq nfs" to the ACL.

It's regarding HA 515E PIX firewalls, with context configuration and PIX version 7.2(4).

Any help will be appreciated.

Thank you for your collaboration and best regards.

2 Replies

husycisco
Level 7

Hello Pascal,

Most probably, you are missing or you have a typo in ACE. Here is an example

access-list dmz_access_in permit tcp host 172.16.10.1 host 192.168.20.1 eq nfs

If it doesn't work, please post the full text you type for the ACL.

Regards

Hello Huseyin,

Thanks for the reply.

Of course I checked that the command is correct.

I also introduced the access rule by using ASDM, with the same result.

Hereafter the outputs:

PROD(config)# access-list DMZ-PUBLIC_access_in_V1 line 19 extended permit tcp host 172.16.10.1 host 192.168.20.1 eq nfs log 6 interval 300

access-list DMZ-PUBLIC_access_in_V1 line 19 extended permit tcp host 172.16.10.1 host 192.168.20.1 eq nfs log 6 interval 300

^

ERROR: % Invalid Hostname

Afterwards I tried with the port number 2049 instead of the keyword "nfs" and all is working fine.

That means the access rule has to be entered in CLI mode with the port number 2049 instead of the keyword "nfs". Afterwards, in ASDM, the rule is displayed with the "nfs" keyword.

It's OK now. Thank you for your collaboration and best regards.
