08-08-2003 12:15 PM - edited 02-20-2020 10:55 PM
Hi,
My client want his computer bbb able to use Yahoo messager's
Webcam function behind the firewall, so I try to open the
port 5100 in PIX for his computer, however with no success,
then I try to open all TCP and UDP port in PIX but still no
success. Could you please check out the following
configuration and help me out on this situation.
Thanks in advance.
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxx encrypted
passwd xxxxxx encrypted
hostname xxxxHostname
domain-name xxxxDomain.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
names
access-list outside_in permit tcp any host 203.198.172.aaa eq smtp //mailserver aaa
access-list outside_in permit tcp any host 203.198.172.aaa eq pop3 //mailserver aaa
access-list outside_in permit icmp any any
access-list outside_in permit tcp any host 203.198.172.aaa eq 5900 //VNC
access-list outside_in permit tcp any host 203.198.172.bbb //TCP to bbb
access-list outside_in permit udp any host 203.198.172.bbb //
UDP to bbb
pager lines 24
logging on
logging buffered debugging
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 203.198.172.fff 255.255.255.248 //Firewall outside IP fff
ip address inside 10.0.51.253 255.255.255.0 //Firewall inside
IP
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.198.172.aaa 10.0.51.101 netmask 255.255.255.255 0 0 //static map mailserver aaa
static (inside,outside) 203.198.172.bbb 10.0.51.33 netmask 255.255.255.255 0 0 //static map to bbb
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 203.198.172.rrr 1 //router IP rrr
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
http server enable
http 10.0.51.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 10.0.51.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
username xxxx password xxxxx
encrypted privilege 2
terminal width 80
08-09-2003 02:08 AM
Hi Jeremy,
Have you tried:
> access-list inside permit tcp host
> access-list inside permit ip any any
> access-list inside in interface inside
Makesure the client IP address is a static address if you have DHCP running on the inside. And also, after configuring the inside ACL save with cmd 'write memory' and do cmd 'clear xlate'. Now try and see if you can run the formentioned service (yahoo webcam) from your clients PC.
Hope this helps and let me know how you get on.
08-12-2003 03:47 AM
Hi,
Thanks for your reply.
I have tried to add the followings.
access-list outside_in permit tcp any host 203.198.172.bbb eq 5100
access-list outside_in permit tcp any host 203.198.172.bbb eq 5050
access-list outside_in permit tcp any host 203.198.172.bbb eq 5001
access-list outside_in permit tcp any host 203.198.172.bbb eq 5101
access-list inside_out permit ip any any
access-list inside_out permit tcp host 10.0.51.33 any eq 5100
access-list inside_out permit tcp host 10.0.51.33 any eq 5050
access-list inside_out permit tcp host 10.0.51.33 any eq 5001
access-list inside_out permit tcp host 10.0.51.33 any eq 5101
access-group inside_out in interface inside
However while select Tools -> Start My Webcam on Yahoo messager, the same error prompted (Behind Firewall).
Any other suggestion?
Thanks for your help.
Best regards,
Jeremy Choi
08-12-2003 05:36 AM
Hi Jeremy,
I presume you have the access-group command for access-list outside_in applied as well i.e. access-group outside_in in interface outside
Also, what is the error message when you run webcam on the inside?
Thanks - Jay
08-12-2003 06:47 AM
Hi,
Thanks for your reply.
I have already the following entry.
access-group outside_in in interface outside
Do I need to add the following access-list?
access-list outside_in permit ip any any
While I try to run the webcam function, it just states that the computer is behind firewall and cannot use such the function.
Looking for your reply.
Best regards,
Jeremy Choi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide