Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX 501 issue: server port 80 still openned on ext interface, pls assist

Hi all,

I have a PIX 501 running ver6.3(4).

I have disabled PDM and HTTP server with following commands, and removed all pdm and http server statements.

pixfirewall(config)# no pdm history enable

pixfirewall(config)# no http server

I have no web servers in my network, no ACL to allow port 80 from outside interface.

But when I run the following command on a windows command prompt from a remote host.

C:\> telnet 80

I still get my tcp connection being established.

Is this a prob with PIX 501?


Re: PIX 501 issue: server port 80 still openned on ext interface

Could you post your config You could possibly have a nat translation in there somewhere.


New Member

Re: PIX 501 issue: server port 80 still openned on ext interface

Hi Patrick,

Below is my full config, I have no servers on this remote site so the only NAT is a PAT to a global addr.

PIX Version 6.3(4)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password MMMMMMMMMMMMMMMMMM encrypted

passwd NNNNNNNNNNNNNNNNN encrypted

hostname MMMMMMM


fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69


access-list acl_vpn permit ip

access-list acl_inside permit tcp any eq www

access-list acl_inside permit tcp any eq lotusnotes

access-list acl_inside permit icmp any

access-list acl_inside permit tcp host any eq ssh

access-list acl_inside permit tcp any eq domain

access-list acl_inside permit udp any eq domain

access-list acl_inside permit tcp any eq 1863

access-list acl_inside permit tcp any eq https

access-list acl_outside permit icmp any any

access-list acl_outside permit tcp any eq https

pager lines 24

logging on

logging trap debugging

logging host inside

mtu outside 1500

mtu inside 1500

ip address outside XXX.XXX.XXX.XXX

ip address inside

ip audit info action alarm

ip audit attack action alarm

no pdm history enable

arp timeout 14400

global (outside) 1 XXX.XXX.XXX.XXX

nat (inside) 0 access-list acl_vpn

nat (inside) 1 0 0

access-group acl_outside in interface outside

access-group acl_inside in interface inside

outbound 1 deny 80 ip

apply (inside) 1 outgoing_src

route outside XXX.XXX.XXX.XXX 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map mymap 1 ipsec-isakmp

crypto map mymap 1 match address acl_vpn

crypto map mymap 1 set peer

crypto map mymap 1 set transform-set Lhoongset

crypto map mymap interface outside

isakmp enable outside

isakmp key ******** address netmask

isakmp identity address

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash md5

isakmp policy 1 group 1

isakmp policy 1 lifetime 3600

telnet inside

telnet timeout 5

ssh outside

ssh outside

ssh inside

ssh timeout 60

console timeout 0

dhcpd address inside

dhcpd dns

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd enable inside

username pixXXX password yyyyyyyyy encrypted privilege 2

terminal width 80


: end

Please assist.


CreatePlease to create content