Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

enabling Port 3101 for blackberry srp server

Hi im trying to enable port 3101 on my pix firewall. This is the command im typing

"access-list INSIDE permit tcp host 193.109.81.33 eq 3101"

But it's telling me "missing command argument(s)" so obviously im missing something out. Could someone please point me in the right direction to sort this out pls?

Thanks

Will

8 REPLIES

Re: enabling Port 3101 for blackberry srp server

This questions comes up in the forum every week. Read down.

And don't forget a PIX ACL must have a source and destination IP address - where is your source?

New Member

Re: enabling Port 3101 for blackberry srp server

apologies for not reading down.

The source is a server on my internal network trying to accesss that ip number via that port.

Re: enabling Port 3101 for blackberry srp server

ok, so you'll ACL entry would be:

access-list INSIDE permit tcp host YOUR_SERVER_IP host 193.109.81.33 eq 3101

Gold

Re: enabling Port 3101 for blackberry srp server

Do...

access-list inside permit tcp host host 193.109.81.33 eq 3101

access-group inside in interface inside

Save with - write mem and also issue clear xlate

New Member

Re: enabling Port 3101 for blackberry srp server

when i add in this command it stops everyone getting out on to the internet through my isa server. I ran these command using the conf t command so i just reset the firewall and everything was ok after the reset.

My the way im very new to using pix firewall so apologies if i haven't got the terminology correct.

Pls can someone still help me?

thanks

Gold

Re: enabling Port 3101 for blackberry srp server

Can you post your PIX config, take out any sensitive info.

Jay

New Member

Re: enabling Port 3101 for blackberry srp server

here you go jay

Gold

Re: enabling Port 3101 for blackberry srp server

Copy all your inside ACLs onto notepad and edit the ACLs so that you have the required

ACL for BES added (see below), add 'no access-list INSIDE' as the first line on your edited ACL configuration (as below).

Now in configuration mode on the PIX, paste back the edited configuration. Your BES server MUST have direct access to the internet.

no access-list INSIDE

access-list INSIDE permit tcp host .1.22 any eq telnet

access-list INSIDE permit udp host .1.21 any eq domain

access-list INSIDE permit tcp host .1.21 any eq telnet

access-list INSIDE permit udp host .1.21 any eq 1604

access-list INSIDE permit tcp host .1.21 any eq citrix-ica

access-list INSIDE permit udp host .1.22 any eq domain

access-list INSIDE permit udp host .1.21 any eq 4000

access-list INSIDE permit tcp host .1.21 any eq 1863

access-list INSIDE permit tcp host .1.21 gt 1023 any gt 1023

access-list INSIDE permit ip .0.0 255.255.0.0 172.17.0.0 255.255.0.0

access-list INSIDE permit ip .0.0 255.255.0.0 .0.0 255.255.0.0

access-list INSIDE permit tcp host .1.28 any eq ftp

access-list INSIDE permit udp host .1.34 any eq domain

access-list INSIDE permit tcp host .1.34 any eq smtp

access-list INSIDE permit tcp host .1.34 any eq www

access-list INSIDE permit tcp host .1.34 any eq https

access-list INSIDE permit tcp host .1.34 any eq ftp

access-list INSIDE permit tcp host .1.21 any eq www

access-list INSIDE permit tcp host .1.21 any eq https

access-list INSIDE permit tcp host .1.21 any eq ftp

access-list INSIDE permit ip .0.0 255.255.0.0 .10.0 255.255.255.0

access-list INSIDE permit tcp host .1.28 any eq www

access-list INSIDE permit tcp host .1.36 any eq smtp

access-list INSIDE permit tcp host .1.25 any eq smtp

access-list INSIDE permit tcp host host 193.109.81.33 eq 3101

access-group INSIDE in interface inside

Save with: write mem and also issue: clear xlate

Jay

518
Views
0
Helpful
8
Replies
CreatePlease login to create content