We have a PIX525 running 6.3(4). We are trying to get applications that run on dynamic UDP ports to work without success. We have added all statements to our outside ACL but they don't seem to have any effect.
This is because the traffic being initiated from the inside will have the destination port as the udp ports above which means traffic returning from the destination host, through the pix to the source host will have the source ports of the udp port numbers above.
Having said that, if the traffic is being initiated from a host on the outside of the pix, and the traffic is trying to traverse the pix from outside to inside, then your access-list is correct (although it might be a good idea to put an explicit deny ip any any log on the end, just to see drops). What you're missing in that regard would be static port forwards which tell the pix where to send the traffic on the inside interface once it has entered the outside interface.
For example, let's assume that an outside host wants to get to udp port 1500 on a server hidden behind the pix (in this example 172.16.0.10). The outside host would need to connect to the pix's outside address with destination port 1500. The pix needs to be told where to then send the request on the inside network.
That command tells the pix, for any udp queries hitting the outside interface on port 1500, to translate the destination address to the device 172.16.0.10 and send them on their way to the inside interface.
Hope that helps, if it does can you please rate the post?
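As an added illustration (a constructed configuration, not the answer's own command or the poster's real config): the ACL-only setup the question describes, followed by the complete PIX 6.3 static port redirection for the udp/1500 case in the answer above. The ACL name outside_in is assumed, and the `interface` keyword syntax is the 6.3 form for redirecting a port on the outside interface's own address.

```text
! --- What the question has: an inbound ACL alone. Matching packets are
! --- permitted, but the PIX has no translation telling it where to send
! --- them on the inside, so the hitcnt climbs and nothing gets through.
access-list outside_in permit udp any interface outside eq 1500
access-group outside_in in interface outside

! --- Complete version for the udp/1500 example: static port redirection
! --- first, then the ACL, then an explicit deny with logging so drops
! --- show up in syslog (message 106023) instead of vanishing silently.
! 172.16.0.10 is the inside server from the answer above; outside_in is
! an assumed ACL name.
static (inside,outside) udp interface 1500 172.16.0.10 1500 netmask 255.255.255.255
access-list outside_in permit udp any interface outside eq 1500
access-list outside_in deny ip any any log
access-group outside_in in interface outside

! --- Checks: the static must be listed, the permit line's hitcnt must rise
! --- while the outside client sends, and an xlate for port 1500 must exist.
show static
show access-list outside_in
show xlate
```

If the hitcnt rises on the permit line but show xlate stays empty, the static is the missing piece rather than the ACL.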
We have configured the outside and inside Interface with official ipv6 addresses, set a default route on the outside Interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside Interface to any6.
In Syslog I also se...