Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix 506e 6.1(4) and range of udp ports

Hi all,

I think i know the answer to this but i will try anyway, i support a pix 506e ver 6.1(4) (yes i know its old), which has been fine for what it needs to do for the last several years. However i now need to open a range of ports to a host on the internal network. I know how to setup a mapping for a small number of ports ( i use access-lists and static in,out) however i cannot see if there is a way to include a range of ports in the static command. Is this possible ?. If not is there another way that could be used. Ive used the range command in the access-list but cannot see how to tie this into a static command. There is no current maintenance on this pix.

I can provide a listing if required. I've done a google for various ideas but nothing comes up apart from the obvious upgrade solution.

3 REPLIES

Re: Pix 506e 6.1(4) and range of udp ports

Unfortunately, note even upgrading your pix will your be able to tie a range or ports to a single static entry. You will need to use static port mapping for each of the ports on the range.

New Member

Re: Pix 506e 6.1(4) and range of udp ports

Thanks for the reply. I'm not sure i fully understand it though. There must be a way of port forwarding a range of ports other than by access-list and static mapping to particular internal hosts. I know pix ver 6.3 has object-groups (?) that can be used. All i want to do is portward a very large number of ports to one particular host (in the order of 10000).

Re: Pix 506e 6.1(4) and range of udp ports

Sorry, I wish I could give you anonther answer, there is no way to do a port forward via a static for a range of ports other than adding each port with the static port map:

http://www.cisco.com/en/US/docs/security/pix/pix61/command/reference/s.html#wp1026694

Your best option would be to just create a one to one translation which will cover all of the ports in the range

164
Views
0
Helpful
3
Replies
CreatePlease login to create content