Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 501 and pcAnywhere Access Rules

Hi,

I'm having a problem with setting up access for remote pcANywhere to access 2 servers on the inside network. I've created 2 static rules and 2 access-lists to start, but I cannot get thru to the server. These are the settings

static (inside,outside) tcp 7x.x.x.x 5631 172.16.x.x 5631 255.255.255.255

static (inside,outside) udp 7x.x.x.x 5632 172.16.x.x 5632 255.255.255.255

access-list inbound permit tcp any host 172.16.x.x eq 5631

access-list inbound permit udp any host 172.16.x.x eq 5632

access-group inbound in interface outside

Using PIX version 6.3

I've also tried terminal server access-list as an alternate method of access, but no go there either.

There are no other rules.

Any ideas why this might not work??

TIA

Vince

1 ACCEPTED SOLUTION

Accepted Solutions

Re: PIX 501 and pcAnywhere Access Rules

your outside ACL should refer to the public IP of your servers:

access-list inbound permit tcp any host 7x.x.x.x eq 5631

access-list inbound permit udp any host 7x.x.x.x eq 5632

4 REPLIES
Silver

Re: PIX 501 and pcAnywhere Access Rules

The ports needed for this to work change depending on the version of pcanywhere be used. Check the symantec site for the correct ports.

You can also change the ports it uses so you may want to check to see what is set.

Re: PIX 501 and pcAnywhere Access Rules

your outside ACL should refer to the public IP of your servers:

access-list inbound permit tcp any host 7x.x.x.x eq 5631

access-list inbound permit udp any host 7x.x.x.x eq 5632

New Member

Re: PIX 501 and pcAnywhere Access Rules

Thanks for the reply.

the ports are 5631 & 5632 for the version I'm using.

I made the acess-list changes, but still no connection. The 'show access-list' command shows no hits.

access-list inbound; 2 elements

access-list inbound line 1 permit udp any host 7x.x.x.x eq pcanywhere-status (hitcnt=0)

access-list inbound line 2 permit tcp any host 7x.x.x.x eq pcanywhere-data (hitcnt=0)

Could there also be something wrong with the static translation?

Thanks,

Vince

New Member

Re: PIX 501 and pcAnywhere Access Rules

Figured it out.

Changing to the proper global IP helped.

What happened was the access-group entry went away.

I was working remotley and did not save the settings so that if there were problems, I could just reload.

I had to reload, that's when the entry went away and then I put in the global IPs without re-entering the access-group entry.

Thanks for your help!!!

Vince

170
Views
0
Helpful
4
Replies
CreatePlease login to create content