Cisco Support Community

New Member

Opened ports from outside of Pix

Hi All,

I would like to know which all ports are opened from outside to inside of a Pix.

Coz I have an access-list like this; "access-list acl-out permit ip host 192.168.10.100 host 172.16.1.50"

Now I have to open port 7001 in our Pix from the outside IP 192.168.10.100 to inside, so is port 7001 already permitted by the above ACL? Or what extra config do I need to do?

Thanks.

5 REPLIES
Gold

Re: Opened ports from outside of Pix

This ACL means you have opened all IP communication (including all UDP and TCP ports) for outside 192.168.10.10 to inside 172.16.1.50

M.

Re: Opened ports from outside of Pix

If it's going to 172.16.1.50, then you practically need to do nothing. All is already permitted with the "permit ip host 192.168.10.100 host 172.16.1.50" statement.

Bronze

Re: Opened ports from outside of Pix

Since you have given "permit ip" in your ACL, this means that all ports are open if the host 192.168.10.100 wants to talk to 172.16.1.50.

You don't have to open the port 7001 explicitly in this case.

-Pls rate all helpful posts--

New Member

Re: Opened ports from outside of Pix

Assume I don't have the previous access-list and I need to open port 7001 for the same IP, would the ACL below work?

"access-list acl-out permit tcp host 192.168.10.100 host 172.16.1.50 eq 7001" or need anything more?

Re: Opened ports from outside of Pix

No, that's all you need. It will allow a TCP session via 7001 to reach 172.16.1.50 from 192.168.10.100.

Just make sure you bind the whole 'acl-out' to the Outside interface using "access-group acl-out in interface outside".

Cheers!

AK
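An added example, not part of the thread or of any Cisco tooling: a small Python check that evaluates a flow against PIX-style `access-list` lines (first match wins, implicit deny at the end) to show how much more the `permit ip` entry allows than the `permit tcp ... eq 7001` entry. It assumes only the `any`, `host` and address-plus-netmask forms and numeric `eq` ports; the function names are hypothetical.

```python
import ipaddress

def _addr(tok):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D NETMASK'."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}", strict=False)

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' (assumed subset)."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line}")
    rest = tok[4:]
    src, dst = _addr(rest), _addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None  # numeric ports only
    return {"action": tok[2], "proto": tok[3], "src": src, "dst": dst, "port": port}

def evaluate(acl_lines, proto, src, dst, dport):
    """Return (action, matching line); no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines:
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", proto):      # 'ip' covers TCP, UDP, ICMP, ...
            continue
        if s not in ace["src"] or d not in ace["dst"]:
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"], line
    return "deny", "(implicit deny)"

# The two entries quoted in the thread.
BROAD = ["access-list acl-out permit ip host 192.168.10.100 host 172.16.1.50"]
NARROW = ["access-list acl-out permit tcp host 192.168.10.100 host 172.16.1.50 eq 7001"]

if __name__ == "__main__":
    # Constructed test flows from the outside host to the inside host.
    for name, acl in (("permit ip", BROAD), ("permit tcp eq 7001", NARROW)):
        for proto, port in (("tcp", 7001), ("tcp", 22), ("udp", 7001)):
            action, _ = evaluate(acl, proto, "192.168.10.100", "172.16.1.50", port)
            print(f"{name:20} {proto}/{port:<5} -> {action}")
```

With the narrow entry only TCP/7001 is permitted; with the `permit ip` entry every protocol and port between the two hosts is permitted, which is worth tightening if 7001 is the only service required.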
