Cisco Support Community

New Member

Opening a port for SAP on PIX 506

I have SAP servers on my network which I need external users to use. What access-list command should I be using for that? SAP uses tcp port 3200.

access-list 111 tcp ???

Also, how can I check if my firewall is stopping all unauthorized access?

4 REPLIES
New Member

Re: Opening a port for SAP on PIX 506

You have to set up a static translation for each internal SAP server and create an access-list that states who can access what. The following example assumes:

internal server address: 172.16.1.1

external IP address for internal server: 200.1.1.1

external IP addresses that can access the server: 204.2.2.2 and 204.3.3.3

static (inside,outside) 200.1.1.1 172.16.1.1 netmask 255.255.255.255

access-list inbound permit tcp host 204.2.2.2 host 200.1.1.1 eq 3200

access-list inbound permit tcp host 204.3.3.3 host 200.1.1.1 eq 3200

access-group inbound in interface outside

I hope this helps.

New Member

Re: Opening a port for SAP on PIX 506

Thanks, that would really help, but the locations that are going to access my SAP servers do not have a static IP.

Also, is there any way I can check whether my access-lists are correct and unauthorized access is not allowed?

New Member

Re: Opening a port for SAP on PIX 506

In that case you need to use the 'any' keyword for the source IP addresses.

To verify if your ACL entries are correct, you need to have them checked by an experienced PIX person.
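
An added example, not part of the original thread: a small offline check that reads PIX configuration text and lists which permits in the ACL bound to the outside interface use an `any` source, target something other than a published static address, or open a port other than the expected SAP port. The sample config is constructed from the addresses in the reply above (the `any` rules are added for illustration), and the names `audit` and `take_addr` are hypothetical.

```python
import re

# Constructed sample: the thread's static/ACL lines, plus an 'any' source
# rule as the reply suggests and one deliberately over-broad rule.
SAMPLE_CONFIG = """\
static (inside,outside) 200.1.1.1 172.16.1.1 netmask 255.255.255.255
access-list inbound permit tcp host 204.2.2.2 host 200.1.1.1 eq 3200
access-list inbound permit tcp any host 200.1.1.1 eq 3200
access-list inbound permit tcp any any eq 23
access-group inbound in interface outside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+\S+\s+(.+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")


def take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A MASK'."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return tokens[0] + "/" + tokens[1], tokens[2:]


def audit(config, interface="outside", expected_ports=("3200",)):
    """Return (line, reason) findings for permits in the ACL bound inbound
    on `interface`. Handles only 'eq PORT' destination-port matches."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    bound = set()
    for l in lines:
        g = GROUP_RE.match(l)
        if g and g.group(2) == interface:
            bound.add(g.group(1))
    # Third token of a static line is the global (outside) address.
    published = {l.split()[2] for l in lines if l.startswith("static ")}
    findings = []
    for l in lines:
        m = ACL_RE.match(l)
        if not m or m.group(1) not in bound or m.group(2) != "permit":
            continue
        src, rest = take_addr(m.group(3).split())
        dst, rest = take_addr(rest)
        port = rest[1] if len(rest) >= 2 and rest[0] == "eq" else None
        if src == "any":
            findings.append((l, "source is any"))
        if dst not in published:
            findings.append((l, "destination is not a published static address"))
        if port not in expected_ports:
            findings.append((l, "port is not an expected service port"))
    return findings
```

Every `source is any` finding is a rule that exposes the service to the whole Internet, so each one should be a deliberate decision rather than a leftover.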

New Member

Re: Opening a port for SAP on PIX 506

Thanks buddy....that did work superbly

thanks again.
