06-29-2006 02:47 AM - edited 02-21-2020 01:00 AM
hi,
I'm a newbie to using a PIX firewall and I would like someone to help point me in the right direction. I need to enable port 3101 for my BlackBerry server. I have the enable password for the PIX firewall but am a bit stuck with where to go now. Tried using PDM to config the ports.
Any help would be great.
Thanks
06-29-2006 03:48 AM
Hi,
In order to allow traffic from a higher-security zone to a lower-security zone, you need to have 2 things configured:
1- Static translation for your server as follows:
static (dmz,outside) x.x.x.x y.y.y.y netmask 255.255.255.255
where x.x.x.x is the public IP through which you want to reach the server and y.y.y.y is the IP of your BlackBerry server.
2- ACL to allow traffic to the server:
access-list out_access_in permit tcp any host x.x.x.x eq 3101
Finally, don't forget to enable the ACL on your outside interface through this command:
access-group out_access_in in interface outside
Good Luck,
Haitham
06-29-2006 03:54 AM
In my experience you only need to allow your BB server to get to the internet, you do not need to allow the internet BB to get to you. So I don't think you need a static NAT for the server, you could use "nat" and "global" instead, and you need to look at the ACL on the inside.
Something like:
nat (inside) 1 0.0.0.0 0.0.0.0 0 100
global (outside) 1 interface
access-list in_inside permit tcp host your_BB_IP host internet_BB_IP eq 3101
Do "show access-group" first to see what the inside ACL (if any) is called.
06-29-2006 05:32 AM
My inside ACL is called inside.
Is this correct? I'm typing
access-list inside permit tcp host x.x.x.x eq 3101
x=my BB server's IP address
Like I said, I'm very new to Cisco, so I apologise if I'm asking a very simple question.
thanks
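An added example, not part of any post in this thread: a small Python checker for the kind of `access-list` lines quoted above. It assumes the PIX 6.x extended ACL grammar shown in its comment; the function names are hypothetical and the address in `SAMPLE` is a constructed documentation address.

```python
import ipaddress

# Assumed PIX 6.x grammar (an assumption, not taken from the thread):
#   access-list <id> permit|deny <proto> <src> [op port] <dst> [op port]
PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}

# Constructed sample: the last question's line with a documentation address filled in.
SAMPLE = "access-list inside permit tcp host 192.0.2.10 eq 3101"

def _addr(tok, i, side):
    """Parse 'any', 'host A' or 'A MASK' starting at tok[i]."""
    if i < len(tok) and tok[i] == "any":
        return "any", i + 1
    if i + 1 >= len(tok):
        raise ValueError(f"{side} address missing or incomplete")
    if tok[i] == "host":
        return str(ipaddress.IPv4Address(tok[i + 1])) + "/32", i + 2
    return str(ipaddress.IPv4Network(f"{tok[i]}/{tok[i + 1]}", strict=False)), i + 2

def _port(tok, i):  # optional "<op> <port>"; returns (text or None, next index)
    if i < len(tok) and tok[i] in PORT_OPS:
        end = i + 1 + PORT_OPS[tok[i]]
        if end > len(tok):
            raise ValueError("port missing after " + tok[i])
        return " ".join(tok[i:end]), end
    return None, i

def parse_acl(line):
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not an access-list permit/deny line")
    rule, i = {"acl": tok[1], "action": tok[2], "proto": tok[3]}, 4
    for side in ("src", "dst"):
        rule[side], i = _addr(tok, i, side)
        rule[side + "_port"], i = _port(tok, i)
    if i != len(tok):
        raise ValueError("trailing tokens: " + " ".join(tok[i:]))
    return rule

def review(line):
    """Return findings for one line; an empty list means nothing flagged."""
    try:
        r = parse_acl(line)
    except ValueError as e:
        return [f"syntax: {e}"]
    out = []
    if r["action"] == "permit" and r["src"] == "any":
        out.append("permits any source")
    if r["action"] == "permit" and r["proto"] in ("tcp", "udp") and not r["dst_port"]:
        out.append("no destination port restriction")
    return out
```

Under the assumed grammar, `review(SAMPLE)` reports a syntax finding: `eq 3101` placed directly after the source is read as a source port, so the line has no destination.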