Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX RAS Config

I have an interface on my PIX520 assigned to my RAS dial up network. Presently, I have all ports opened up for traffic coming from that RAS interface to my inside. I need to determine which ports I need to keep open to allow my dial up users to work. Does anyone have suggestions or a config similiar to this who can help me out ?


  • Other Security Subjects
New Member

Re: PIX RAS Config

It depends on what services they’re accessing. We have our RAS on the inside behind our PIX so we don’t have to open holes through the firewall. Depending on your topology, this may or may not work for you. In any case, determine what applications they’re using (NetBios, WINS, HTTP, Telnet, FTP, etc.) and open up the ports and protocols specifically.

New Member

Re: PIX RAS Config

I'd put a protocol analyzer in place with the RAS device, and see what traffic patterns you end up with. You'd probably be able to make some good conclusions in a few days as to what ports should be open.