
New Member

PIX newbee question

Hello,

Bear with me on a question that many should know.

I want to allow any access to tcp port 3782 from the outside to any inside.

I have a PIX 501.

Would I use the command that follows?

conduit permit tcp any eq 3782 any

Thank you,

Mark

3 REPLIES
New Member

Re: PIX newbee question

To pass from a low security interface (outside) to a high security interface (inside) you should have a STATIC statement for each host inside your network. CONDUIT & STATIC are an inseparable pair of commands. This means you must have one public address mapped to each internal address. It's completely unsecure. You should never have a direct path from outside to inside. In your case, you are talking about as many paths as inside hosts. Don't do that.

Look for something else.

Regards

Ben

New Member

Re: PIX newbee question

What I am trying to do is allow my internal IP to be a server for a software program called "Roger Wilco" and allow others outside to connect to me inside.

It's a freeware voice over IP program.

Any ideas on how I can do this as securely as possible would be appreciated.

Anonymous
N/A

Re: PIX newbee question

Mark...

The earlier person is more or less correct...

Translation has to happen before you can permit traffic to your inside server...What makes your single conduit statement insecure is the fact that you don't state the destination IP address...

So do a static from the inside IP address to an outside IP address (this allows the PIX to act on behalf of your server). Then permit that port to that outside address only...That's very acceptable.

C-
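
The advice in the replies above, as an added example that is not part of the original thread: a short Python check that reads PIX `static` and `conduit` lines and flags any permit conduit whose destination is not a single outside address backed by a static. The configuration lines, the addresses (documentation ranges) and the function names are constructed for illustration, and only the one-to-one `static (inside,outside) global local` form is assumed.

```python
# Constructed PIX 6.x style configuration; addresses are documentation ranges.
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
conduit permit tcp any eq 3782 any
conduit permit tcp host 203.0.113.10 eq 3782 any
conduit permit tcp host 203.0.113.20 eq 3782 any
"""

def take_address(tokens):
    """Consume 'any', 'host IP' or 'IP MASK' and return (ip, mask)."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "0.0.0.0")
    if first == "host":
        return (tokens.pop(0), "255.255.255.255")
    return (first, tokens.pop(0))

def take_port(tokens):
    """Consume an optional port qualifier such as 'eq 3782' or 'range 1 9'."""
    if tokens and tokens[0] in ("eq", "lt", "gt", "neq"):
        return " ".join([tokens.pop(0), tokens.pop(0)])
    if tokens and tokens[0] == "range":
        return " ".join([tokens.pop(0), tokens.pop(0), tokens.pop(0)])
    return None

def audit_conduits(config):
    """Return (line, problem) pairs for permit conduits not pinned to a static."""
    static_globals = set()
    conduits = []
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) >= 4 and tokens[0] == "static":
            static_globals.add(tokens[2])        # static (in,out) GLOBAL LOCAL
        elif len(tokens) >= 4 and tokens[:2] == ["conduit", "permit"]:
            conduits.append((line, tokens[3:]))  # drop 'conduit permit <proto>'
    findings = []
    for line, rest in conduits:
        ip, mask = take_address(rest)            # destination (outside) address
        take_port(rest)                          # destination port, if any
        if mask != "255.255.255.255":
            findings.append((line, "destination is not a single host"))
        elif ip not in static_globals:
            findings.append((line, "no static maps this outside address"))
    return findings

if __name__ == "__main__":
    for line, problem in audit_conduits(SAMPLE_CONFIG):
        print(f"{problem}: {line}")
```
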
