Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
4
Replies

PIX 501 and pcAnywhere Access Rules

Go to solution
vdinenna71
Level 1
Level 1

‎06-27-2006 10:48 AM - edited ‎02-21-2020 01:00 AM

Hi,

I'm having a problem with setting up access for remote pcANywhere to access 2 servers on the inside network. I've created 2 static rules and 2 access-lists to start, but I cannot get thru to the server. These are the settings

static (inside,outside) tcp 7x.x.x.x 5631 172.16.x.x 5631 255.255.255.255

static (inside,outside) udp 7x.x.x.x 5632 172.16.x.x 5632 255.255.255.255

access-list inbound permit tcp any host 172.16.x.x eq 5631

access-list inbound permit udp any host 172.16.x.x eq 5632

access-group inbound in interface outside

Using PIX version 6.3

I've also tried terminal server access-list as an alternate method of access, but no go there either.

There are no other rules.

Any ideas why this might not work??

TIA

Vince

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
grant.maynard
Level 4
Level 4

‎06-27-2006 02:29 PM

your outside ACL should refer to the public IP of your servers:

access-list inbound permit tcp any host 7x.x.x.x eq 5631

access-list inbound permit udp any host 7x.x.x.x eq 5632

View solution in original post

0 Helpful
4 Replies 4

Go to solution
cpembleton
Level 4
Level 4

‎06-27-2006 12:45 PM

The ports needed for this to work change depending on the version of pcanywhere be used. Check the symantec site for the correct ports.

You can also change the ports it uses so you may want to check to see what is set.

0 Helpful

Go to solution
grant.maynard
Level 4
Level 4

‎06-27-2006 02:29 PM

your outside ACL should refer to the public IP of your servers:

access-list inbound permit tcp any host 7x.x.x.x eq 5631

access-list inbound permit udp any host 7x.x.x.x eq 5632

0 Helpful

Go to solution
vdinenna71
Level 1
Level 1
In response to grant.maynard

‎06-28-2006 11:51 AM

Thanks for the reply.

the ports are 5631 & 5632 for the version I'm using.

I made the acess-list changes, but still no connection. The 'show access-list' command shows no hits.

access-list inbound; 2 elements

access-list inbound line 1 permit udp any host 7x.x.x.x eq pcanywhere-status (hitcnt=0)

access-list inbound line 2 permit tcp any host 7x.x.x.x eq pcanywhere-data (hitcnt=0)

Could there also be something wrong with the static translation?

Thanks,

Vince

0 Helpful

Go to solution
vdinenna71
Level 1
Level 1
In response to vdinenna71

‎06-28-2006 01:41 PM

Figured it out.

Changing to the proper global IP helped.

What happened was the access-group entry went away.

I was working remotley and did not save the settings so that if there were problems, I could just reload.

I had to reload, that's when the entry went away and then I put in the global IPs without re-entering the access-group entry.

Thanks for your help!!!

Vince

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card