I got a Tivo for Christmas and I'm trying to open the appropriate ports on my PIX 501 to allow it to communicate with the Tivo service. The Tivo knowledge base says I need to open these ports for inbound and outbound access:
- TCP 37, 2190, 4430, 7287-7288, 8000, 8080-8090
- UDP 123, 2190
I'm trying to set up an access list that only allows access over these ports to my Tivo box (internal IP 192.168.1.11) and prohibits access to other hosts on my inside interface over those same ports.
I tried to set up an access-list using the following config commands, but it's not working.
name 192.168.1.2 Neptune
name 192.168.1.11 Tivo01
access-list acl-in permit tcp any host Tivo01 eq 37
access-list acl-in permit tcp any host Tivo01 eq 2190
access-list acl-in permit tcp any host Tivo01 eq 4430
access-list acl-in permit tcp any host Tivo01 range 7287 7288
access-list acl-in permit tcp any host Tivo01 eq 8000
access-list acl-in permit tcp any host Tivo01 range 8080 8089
access-list acl-in permit udp any host Tivo01 eq ntp
access-list acl-in permit udp any host Tivo01 eq 2190
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl-in in interface outside
route outside 0.0.0.0 0.0.0.0 18.104.22.168 1
A debug trace when I attempt to connect from the Tivo box to the Tivo service includes the following suspicious entry:
710005: UDP request discarded from 192.168.1.11/2190 to inside:192.168.1.255/2190
Any thoughts on what's going on? A missing routing entry perhaps?? It almost looks like the Tivo's UDP request is getting broadcast to hosts on my internal LAN, but not getting routed outside??
BTW: Normal web traffic (inside clients hitting external web servers) works with no problems.
The Tivo is on the Inside interface (192.168.1.x subnet). The Tivo's IP is 192.168.1.11. The PIX has a public external IP of 69.73.xx.xx. Its internal (gateway) address is 192.168.1.1.
I was expecting that the PIX would route outgoing requests from the Tivo to its outside interface, but it appears to be dropping them. Not sure why. Similarly, I had expected the PIX to translate/route responses from the Tivo server on the outside network to the correct internal (NAT'd) IP.
I suspect I've got a routing issue, but I'm not sure what I need to do to solve it.
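An added example, not part of the original post: a small Python check that compares the posted acl-in entries against the port list quoted from the Tivo knowledge base. The function names are hypothetical, and `ntp` is the only port name it maps (to 123).

```python
import re

# Required ports exactly as listed in the post (quoted from the Tivo knowledge base).
REQUIRED = {"tcp": "37,2190,4430,7287-7288,8000,8080-8090", "udp": "123,2190"}

# ACL lines copied from the post.
ACL = """\
access-list acl-in permit tcp any host Tivo01 eq 37
access-list acl-in permit tcp any host Tivo01 eq 2190
access-list acl-in permit tcp any host Tivo01 eq 4430
access-list acl-in permit tcp any host Tivo01 range 7287 7288
access-list acl-in permit tcp any host Tivo01 eq 8000
access-list acl-in permit tcp any host Tivo01 range 8080 8089
access-list acl-in permit udp any host Tivo01 eq ntp
access-list acl-in permit udp any host Tivo01 eq 2190
"""

# Only the port name used in the post is mapped (assumption: no other names appear).
PORT_NAMES = {"ntp": 123}
ACE = re.compile(
    r"access-list (\S+) permit (tcp|udp) any host (\S+) (eq|range) (\S+)(?: (\S+))?"
)

def expand(spec):
    """Turn '37,7287-7288' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def permitted(acl_text, acl_name, host):
    """Collect the ports each protocol is permitted to reach on `host`."""
    allowed = {"tcp": set(), "udp": set()}
    for line in acl_text.splitlines():
        m = ACE.match(line.strip())
        if not m or m.group(1) != acl_name or m.group(3) != host:
            continue
        lo, hi = (PORT_NAMES.get(p) or int(p) for p in (m.group(5), m.group(6) or m.group(5)))
        allowed[m.group(2)].update(range(lo, hi + 1))
    return allowed

def audit(acl_text, acl_name="acl-in", host="Tivo01"):
    """Report required ports the ACL misses and permitted ports nobody asked for."""
    allowed = permitted(acl_text, acl_name, host)
    return {proto: {"missing": sorted(expand(spec) - allowed[proto]),
                    "extra": sorted(allowed[proto] - expand(spec))}
            for proto, spec in REQUIRED.items()}
```

Run against the lines above, `audit(ACL)` reports TCP 8090 as required but not permitted, because the posted range stops at 8089; every other listed port is covered and nothing extra is opened.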