I put this thread in the remote access area as well because of the port I am having trouble forwarding through the PIX.
What I'm trying to do is forward port 3389 (Windows Terminal Services) to a W2k server. I tried using access list settings in the GUI for this to no avail and I'm not familiar enough with PIX CLI to accomplish this yet.
b) allow (only) port 3389 to pass on this connection
conduit permit tcp host 220.127.116.11 eq 3389 any
That should do it, assuming that the W2k box does not require any other open ports. Nevertheless, this, in my (paranoid) opinion, would be to compromise a good firewall, as best practice is to *NEVER* have any port open from the outside to the inside, but that's a whole new thread we would have to open just for that discussion....
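An added example, not part of the thread or of either poster's configuration: a small Python check that reads PIX `conduit` lines and reports global addresses whose port 3389 is permitted from any outside source, the exposure the reply above cautions about. Only the first sample line comes from the thread; the other addresses are constructed documentation values, and only the `eq` port operator is handled.

```python
ZERO = {"0", "0.0.0.0"}

def take_addr(tokens):
    """Consume one PIX address spec: 'any', 'host <ip>' or '<ip> <mask>'."""
    if tokens and tokens[0] == "any":
        return "any", tokens[1:]
    if len(tokens) < 2:
        raise ValueError("incomplete address")
    if tokens[0] == "host":
        return "host " + tokens[1], tokens[2:]
    if tokens[0] in ZERO and tokens[1] in ZERO:  # 0.0.0.0 0.0.0.0 means any
        return "any", tokens[2:]
    return tokens[0] + " " + tokens[1], tokens[2:]

def parse_conduit(line):
    """Parse 'conduit <action> <proto> <global> [eq <port>] <foreign>'."""
    t = line.split()
    if len(t) < 5 or t[0] != "conduit":
        return None
    glob, rest = take_addr(t[3:])
    port = None
    if len(rest) >= 2 and rest[0] == "eq":
        port, rest = rest[1], rest[2:]
    foreign, _ = take_addr(rest)
    return {"action": t[1], "proto": t[2], "global": glob,
            "port": port, "foreign": foreign}

def open_to_any(config, port="3389"):
    """Global addresses whose TCP port is reachable from any outside source."""
    hits = []
    for line in config.splitlines():
        rule = parse_conduit(line.strip())
        # A conduit with no port qualifier permits every port, 3389 included.
        if (rule and rule["action"] == "permit" and rule["proto"] == "tcp"
                and rule["foreign"] == "any" and rule["port"] in (port, None)):
            hits.append(rule["global"])
    return hits

# Constructed sample; line 1 is the conduit posted in the thread.
SAMPLE = """\
conduit permit tcp host 220.127.116.11 eq 3389 any
conduit permit tcp host 220.127.116.11 eq 3389 host 203.0.113.10
conduit permit tcp host 198.51.100.7 eq 25 any
conduit permit tcp host 198.51.100.8 eq 3389 0.0.0.0 0.0.0.0
"""

if __name__ == "__main__":
    for addr in open_to_any(SAMPLE):
        print("3389 open to any source on", addr)
```

The second sample line shows the narrower form, where the foreign address is a single known host instead of `any`.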
Thanks a bunch Goran. I think that'll do it. I am somewhat familiar with the CLI. However, conduit commands are still a bit shaky... The funny thing about this one is that I was just told to replace the PIX with a NetScreen 5xp because that is what the client was expecting. Well, I guess I'll go ahead and stick it before our corporate LAN in which our MS guys use the W2k TS anyway.