I've successfully set up the PIX to allow traffic inside to outside without a problem.
I'm having trouble setting up ACLs for ports, say, 5631 through 5636 on a single static IP address assigned by the ISP. Unable to ping the global IP.
I prefer not to use conduits. I've set up a static route like so:
static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
as the PIX is connected to a router on the outside that does all the NAT'ing. Did not use the NAT 0 method.
192.168.1.0 is the network IP of the inside LAN.
I've tried the following:
access-list pcany_data permit tcp any host 188.8.131.52 eq 5631
access-list pcany_status permit udp any host 184.108.40.206 eq 5632
access-group pcany_data in interface outside
access-group pcany_status in interface outside
The 211.236 etc. is the global IP assigned statically by my ISP.
Any comments regarding the syntax of these commands, if they are incorrect, or if there is another way?
A response encourages me to do likewise for those that I can help out as well.
You say that the 211.236 etc. is the global IP assigned statically by your ISP. What about the station that runs PCAnywhere? Is it inside the PIX firewall? If yes, who takes care of the NAT for that host? The Cisco router? If yes, then your access-lists should change and be like:
access-list pcany permit tcp any host 192.168.1.x eq 5631
access-list pcany permit udp any host 192.168.1.x eq 5632
What I didn't know at the time, though, is that any number of rules can be added to one ACL name, but trying to create multiple ACLs and then applying them in succession with the access-group in interface command only applies the last ACL name in the access-group, overriding all those before it, and is only applicable where multiple interfaces are available and different ACLs for each interface.
One problem is you can only have one access-list applied to an interface for each direction. You have tried to add two named access-lists to the same interface in the same direction. If you do a wr t, only one should be listed.
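An added example, not part of any post in this thread: a Python check for the problem described in the last two replies, where a second access-group on the same interface and direction replaces the first. The sample config is constructed from the commands in the question, with 203.0.113.10 as a placeholder for the global IP; the function names are illustrative, and the parser assumes only the two command forms shown in the thread.

```python
import re

# Constructed sample based on the commands posted in the question.
# 203.0.113.10 is a documentation address standing in for the global IP.
SAMPLE_CONFIG = """\
access-list pcany_data permit tcp any host 203.0.113.10 eq 5631
access-list pcany_status permit udp any host 203.0.113.10 eq 5632
access-group pcany_data in interface outside
access-group pcany_status in interface outside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(.+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")


def parse(config_text):
    """Return rules as (acl, rest) and bindings as (acl, direction, iface), in file order."""
    rules, bindings = [], []
    for line in config_text.splitlines():
        line = line.strip()
        if m := GROUP_RE.match(line):
            bindings.append(m.groups())
        elif m := ACL_RE.match(line):
            rules.append(m.groups())
    return rules, bindings


def audit(config_text):
    """Map each (iface, direction) to the ACL that ends up applied and the ACLs it replaced."""
    _, bindings = parse(config_text)
    report = {}
    for acl, direction, iface in bindings:
        entry = report.setdefault((iface, direction), {"effective": None, "overridden": []})
        if entry["effective"] not in (None, acl):
            entry["overridden"].append(entry["effective"])  # earlier binding is lost
        entry["effective"] = acl  # the last access-group wins
    return report


def merge(config_text, iface, direction, new_name):
    """Emit one ACL holding every rule ever bound to iface/direction, plus one access-group."""
    rules, bindings = parse(config_text)
    wanted = {acl for acl, d, i in bindings if (i, d) == (iface, direction)}
    lines = [f"access-list {new_name} {rest}" for acl, rest in rules if acl in wanted]
    lines.append(f"access-group {new_name} {direction} interface {iface}")
    return lines


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
    print("\n".join(merge(SAMPLE_CONFIG, "outside", "in", "pcany")))
```

The merge keeps rules in file order, which matters because ACL entries are matched top down; it does not change the host address, so whether that should be the global or the inside address still depends on which device performs the NAT.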