Cisco Support Community

How do I open for port 7205 from DMZ to the inside

I have a PIX 515.

How do I open port 7205 from the DMZ server (192.168.100.2) to the inside server (192.168.0.248)?

--------------

PIX Version 6.0(1)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 DMZ security50

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list nonat permit ip 192.168.200.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list nonat permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list fromoutside permit tcp any host 195.215.212.76 eq www

access-list fromoutside permit tcp any host 195.215.212.77 eq smtp

access-list fromoutside permit icmp any any echo

access-list fromoutside permit icmp any any echo-reply

access-list fromoutside permit icmp any any unreachable

access-list fromoutside permit icmp any any source-quench

access-list fromoutside permit tcp any host 195.215.212.78 eq smtp

pager lines 24

logging on

logging trap informational

logging history informational

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

mtu outside 1500

mtu inside 1500

mtu DMZ 1500

ip address outside 195.215.212.74 255.255.255.248

ip address inside 192.168.0.254 255.255.255.0

ip address DMZ 192.168.100.254 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

ip local pool ippool 192.168.2.1-192.168.2.254

pdm history enable

arp timeout 14400

global (outside) 1 195.215.212.75

nat (inside) 0 access-list nonat

nat (inside) 1 192.168.0.0 255.255.255.0 0 0

nat (inside) 1 192.168.200.0 255.255.255.0 0 0

static (DMZ,outside) 195.215.212.76 192.168.100.1 netmask 255.255.255.255 0 0

static (inside,outside) 195.215.212.77 192.168.0.6 netmask 255.255.255.255 0 0

static (inside,outside) 195.215.212.78 192.168.200.245 netmask 255.255.255.255 0 0

access-group fromoutside in interface outside

route outside 0.0.0.0 0.0.0.0 195.215.212.73 1

route inside 192.168.200.0 255.255.255.0 192.168.0.200 1

timeout xlate 1:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

---snip---

Best Regards

Ole Kyrstein

1 REPLY

Re: How do I open for port 7205 from DMZ to the inside

Hi Ole,

You will require a static and an access-list; please read the following URL for a guide. The guide is for PIX 6.1.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/s.htm#1026694

and this URL might be of help too:

http://www.cisco.com/warp/public/707/28.html

Remember, if you modify statics or ACLs, make sure to save with the command 'write memory' and also clear translations with the command 'clear xlate' to make the new rules active.

Thanks- Jay
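
The static and access-list pair the reply describes, written out for the addresses in the question, as an added example that is not part of the original thread or of Cisco's documentation. The ACL name fromdmz, the choice of TCP for port 7205, and the identity mapping (the inside server keeps its own address on the DMZ) are assumptions.

```cisco
: Added example, not from the thread. "fromdmz" is an assumed ACL name.
: Identity static: the inside server is reachable from the DMZ under its own address.
static (inside,DMZ) 192.168.0.248 192.168.0.248 netmask 255.255.255.255 0 0
: Permit only the one DMZ host to the one inside host on port 7205 (TCP assumed).
access-list fromdmz permit tcp host 192.168.100.2 host 192.168.0.248 eq 7205
access-group fromdmz in interface DMZ
: As the reply says: clear old translations, then save the configuration.
clear xlate
write memory
```

Binding an ACL to the DMZ interface ends that interface's implicit permit toward lower-security interfaces, so any other traffic the DMZ hosts need to initiate (for example toward the outside) has to be permitted in fromdmz as well.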
