Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

how to enable a port on a pix firewall

hi,

im a newbie to using a pix firewall and i would like someone to help point me in the right direction? I need to enable port 3101 for my blackberry server. I have the enable password for the pix firewall but a bit stuck with where to go now. Tired using PDM to config the ports.

Any Help would be great.

Thanks

3 REPLIES
New Member

Re: how to enable a port on a pix firewall

Hi,

In order to allow traffic from higher-security zone to a lower-security zone, you need to have 2 things configured:

1- Static translation for your server as follows:

static (dmz,outside) x.x.x.x y.y.y.y netmask 255.255.255.255

where x.x.x.x is the public IP which you want to reach the server through and y.y.y.y is the IP of your blackberry server.

2- ACL to allow traffic to the server:

access-list out_access_in permit tcp any host x.x.x.x eq 3101

Finally, dont forget to enable the acl on your outisde interface through this command:

access-group out_access_in in interface outside

Good Luck,

Haitham

Re: how to enable a port on a pix firewall

In my experience you only need to allow your BB server to get to the internet, you do not need to allow the internet BB to get to you. So I don't think you need a static NAT for the server, you could use "nat" and "global" instead, and you need to look at the ACL on the inside.

Somthing like:

nat (inside) 1 0.0.0.0 0.0.0.0 0 100

global (outside) 1 interface

access-list in_inside permit tcp host your_BB_IP host internet_BB_IP eq 3101

do "show acess-group" first to see what the inside ACL (if any) is called.

New Member

Re: how to enable a port on a pix firewall

My inside ACL is called inside.

Is this correct? im typing

access-list inside permit tcp host x.x.x.x eq 3101

x=my BB server's IP address

Like i said im very new to cisco so apologise if im asking a very simple question.

thanks

266
Views
0
Helpful
3
Replies