Re: how to enable a port on a pix firewall

willgerrish · ‎06-29-2006

hi,

im a newbie to using a pix firewall and i would like someone to help point me in the right direction? I need to enable port 3101 for my blackberry server. I have the enable password for the pix firewall but a bit stuck with where to go now. Tired using PDM to config the ports.

Any Help would be great.

Thanks

haithamnofal · ‎06-29-2006

Hi,

In order to allow traffic from higher-security zone to a lower-security zone, you need to have 2 things configured:

1- Static translation for your server as follows:

static (dmz,outside) x.x.x.x y.y.y.y netmask 255.255.255.255

where x.x.x.x is the public IP which you want to reach the server through and y.y.y.y is the IP of your blackberry server.

2- ACL to allow traffic to the server:

access-list out_access_in permit tcp any host x.x.x.x eq 3101

Finally, dont forget to enable the acl on your outisde interface through this command:

access-group out_access_in in interface outside

Good Luck,

Haitham

grant.maynard · ‎06-29-2006

In my experience you only need to allow your BB server to get to the internet, you do not need to allow the internet BB to get to you. So I don't think you need a static NAT for the server, you could use "nat" and "global" instead, and you need to look at the ACL on the inside.

Somthing like:

nat (inside) 1 0.0.0.0 0.0.0.0 0 100

global (outside) 1 interface

access-list in_inside permit tcp host your_BB_IP host internet_BB_IP eq 3101

do "show acess-group" first to see what the inside ACL (if any) is called.

willgerrish · ‎06-29-2006

My inside ACL is called inside.

Is this correct? im typing

access-list inside permit tcp host x.x.x.x eq 3101

x=my BB server's IP address

Like i said im very new to cisco so apologise if im asking a very simple question.

thanks