
PIX 501 static map to enable Yahoo Messenger's webcam

jeremy
Level 1

Hi,

My client wants his computer bbb to be able to use Yahoo Messenger's webcam function behind the firewall, so I tried to open port 5100 in the PIX for his computer, however with no success; then I tried to open all TCP and UDP ports in the PIX, but still no success. Could you please check the following configuration and help me out with this situation?

Thanks in advance.

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxx encrypted

passwd xxxxxx encrypted

hostname xxxxHostname

domain-name xxxxDomain.com

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

no fixup protocol smtp 25

names

access-list outside_in permit tcp any host 203.198.172.aaa eq smtp //mailserver aaa

access-list outside_in permit tcp any host 203.198.172.aaa eq pop3 //mailserver aaa

access-list outside_in permit icmp any any

access-list outside_in permit tcp any host 203.198.172.aaa eq 5900 //VNC

access-list outside_in permit tcp any host 203.198.172.bbb //TCP to bbb

access-list outside_in permit udp any host 203.198.172.bbb //UDP to bbb

pager lines 24

logging on

logging buffered debugging

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside 203.198.172.fff 255.255.255.248 //Firewall outside IP fff

ip address inside 10.0.51.253 255.255.255.0 //Firewall inside IP

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 203.198.172.aaa 10.0.51.101 netmask 255.255.255.255 0 0 //static map mailserver aaa

static (inside,outside) 203.198.172.bbb 10.0.51.33 netmask 255.255.255.255 0 0 //static map to bbb

access-group outside_in in interface outside

route outside 0.0.0.0 0.0.0.0 203.198.172.rrr 1 //router IP rrr

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

aaa authentication ssh console LOCAL

http server enable

http 10.0.51.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet 10.0.51.0 255.255.255.0 inside

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 5

username xxxx password xxxxx encrypted privilege 2

terminal width 80

4 Replies

jmia
Level 7

Hi Jeremy,

Have you tried:

> access-list inside permit tcp host <client-ip> any eq 5100

> access-list inside permit ip any any

> access-group inside in interface inside

Make sure the client IP address is a static address if you have DHCP running on the inside. Also, after configuring the inside ACL, save with cmd 'write memory' and do cmd 'clear xlate'. Now try and see if you can run the aforementioned service (Yahoo webcam) from your client's PC.

Hope this helps and let me know how you get on.

Hi,

Thanks for your reply.

I have tried to add the following.

access-list outside_in permit tcp any host 203.198.172.bbb eq 5100

access-list outside_in permit tcp any host 203.198.172.bbb eq 5050

access-list outside_in permit tcp any host 203.198.172.bbb eq 5001

access-list outside_in permit tcp any host 203.198.172.bbb eq 5101

access-list inside_out permit ip any any

access-list inside_out permit tcp host 10.0.51.33 any eq 5100

access-list inside_out permit tcp host 10.0.51.33 any eq 5050

access-list inside_out permit tcp host 10.0.51.33 any eq 5001

access-list inside_out permit tcp host 10.0.51.33 any eq 5101

access-group inside_out in interface inside

However, when I select Tools -> Start My Webcam in Yahoo Messenger, the same error is prompted (Behind Firewall).

Any other suggestions?

Thanks for your help.

Best regards,

Jeremy Choi

Hi Jeremy,

I presume you have the access-group command for access-list outside_in applied as well, i.e. access-group outside_in in interface outside

Also, what is the error message when you run webcam on the inside?

Thanks - Jay

Hi,

Thanks for your reply.

I already have the following entry.

access-group outside_in in interface outside

Do I need to add the following access-list?

access-list outside_in permit ip any any

When I try to run the webcam function, it just states that the computer is behind a firewall and cannot use that function.

Looking forward to your reply.

Best regards,

Jeremy Choi
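
An added example, not part of any post in this thread: PIX access lists are evaluated top to bottom and the first matching entry decides, so a port-specific entry placed after a broader entry for the same host never matches. This Python sketch parses the simple access-list forms used in the thread and reports such shadowed entries together with permits that carry no port restriction, which helps when cleaning up after troubleshooting. The function names are illustrative, and the sample entries are copied from the posts with the "//" annotations removed.

```python
import re

# Entries as posted in the thread ("//" annotations removed). Host octets stay
# masked as in the posts, so hosts are compared as opaque strings.
OUTSIDE_IN = """\
access-list outside_in permit tcp any host 203.198.172.aaa eq smtp
access-list outside_in permit tcp any host 203.198.172.aaa eq pop3
access-list outside_in permit icmp any any
access-list outside_in permit tcp any host 203.198.172.aaa eq 5900
access-list outside_in permit tcp any host 203.198.172.bbb
access-list outside_in permit udp any host 203.198.172.bbb
access-list outside_in permit tcp any host 203.198.172.bbb eq 5100
access-list outside_in permit tcp any host 203.198.172.bbb eq 5050
access-list outside_in permit tcp any host 203.198.172.bbb eq 5001
access-list outside_in permit tcp any host 203.198.172.bbb eq 5101
"""

# Only the forms seen in the thread: any / host X, optional "eq <port>".
ACE = re.compile(r"access-list (\S+) (permit|deny) (\S+) "
                 r"(any|host \S+) (any|host \S+)(?: eq (\S+))?$")

def parse(text):
    """Return (name, action, proto, src, dst, port) tuples; port None = all ports."""
    return [m.groups() for m in map(ACE.match, text.strip().splitlines()) if m]

def covers(a, b):
    """True if entry a matches every packet that entry b would match."""
    name_a, _, proto_a, src_a, dst_a, port_a = a
    name_b, _, proto_b, src_b, dst_b, port_b = b
    return (name_a == name_b
            and proto_a in ("ip", proto_b)
            and src_a in ("any", src_b)
            and dst_a in ("any", dst_b)
            and port_a in (None, port_b))

def audit(text):
    """Return (shadowed, broad) as 1-based entry numbers within the text."""
    entries = parse(text)
    shadowed, broad = [], []
    for i, entry in enumerate(entries):
        # An earlier entry that covers this one always wins the first match.
        if any(covers(prev, entry) for prev in entries[:i]):
            shadowed.append(i + 1)
        # A permit for ip/tcp/udp without "eq" opens every port to the target.
        if entry[1] == "permit" and entry[2] in ("ip", "tcp", "udp") and entry[5] is None:
            broad.append(i + 1)
    return shadowed, broad
```

Calling audit(OUTSIDE_IN) reports entries 7 to 10 as shadowed by entry 5, and entries 5 and 6 as permits without a port restriction.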
