
Port Access

lexiainfo
Level 1

Some of my internal machines require access to this IP address (203.13.163.xxx), in particular access to port 4569 for IAX.

Please advise how I can open it. I request only experts to answer my question.

Thanks


jackko
Level 7

pix by default will permit all outbound traffic.

if there is an outbound acl applied on the pix inside interface, then add the entry below to the existing outbound acl,

access-list outbound permit tcp host host 203.13.163.xxx eq 4569

you may replace the protocol with udp, depending on the iax requirement.

also need to verify the nat/global statement.

e.g.

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

I have added the following commands. After adding the above commands I tried to ping from IP 192.168.0.110 to 203.13.163.xxx and it says request timeout.

access-list outbound permit tcp host 192.168.0.110 host 203.13.163.xxx eq 4569

access-list outbound permit udp host 192.168.0.110 host 203.13.163.xxx eq 4569

Please open the attachment for the sh run.

since there is no existing outbound acl, there is no need for the acl outbound.

i guess you were testing the connectivity by pinging. pix by default blocks echo responses. to allow pinging, apply the entry below to acl inbound:

access-list inbound permit icmp any any

in fact, you can test the connectivity by issuing the command below on pc 192.168.0.110. from pc 192.168.0.110, start the dos prompt and type in:

telnet 203.13.163.xxx 4569

Yes, you are right, I am trying to ping from the PC.

I am accessing 192.168.0.110 from this PC 192.168.0.33 through putty.exe.

I tried through the dos prompt by typing telnet 203.13.163.xxx 4569

=====================================================

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Admin>telnet 203.13.163.244 4569

Connecting To 203.13.163.2xx...Could not open connection to the host, on port 45

69: Connect failed

C:\Documents and Settings\Admin>

====================================================

the site with 203.12.163.xxx may have firewall rules permitting only legitimate ip addresses. verify that your pix public ip is one of the trusted hosts.

the "telnet 203.13.163.xxx 4569" may be failing on the pc because the service is on udp, not tcp. otherwise, if the service is on tcp, please advise and we will need to investigate the pix config further.

also just wondering if you can ping the ip 203.13.163.xxx from 192.168.0.110 after applying the command "access-list inbound permit icmp any any".
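
The last reply notes that telnet only exercises TCP, while the IAX service may be on UDP. As an added example (not part of the thread), the Python sketch below sends a single IAX2 POKE over UDP to port 4569 and checks for a PONG; the frame layout and POKE/PONG values follow RFC 5456, and the function names and script name are made up for this example.

```python
import socket
import struct
import sys

IAX2_PORT = 4569         # port named in the thread
FRAME_TYPE_IAX = 0x06    # RFC 5456: IAX control frame
SUBCLASS_POKE = 0x1E     # RFC 5456: POKE, answered with PONG
SUBCLASS_PONG = 0x03
FULL_FRAME = "!HHIBBBB"  # src call, dst call, timestamp, oseq, iseq, type, subclass


def build_poke(src_call=1):
    """12-byte full frame: F bit set, destination call number 0."""
    return struct.pack(FULL_FRAME, 0x8000 | (src_call & 0x7FFF), 0, 0, 0, 0,
                       FRAME_TYPE_IAX, SUBCLASS_POKE)


def classify_reply(data):
    """Return 'pong', 'iax2-other' or 'not-iax2' for a received datagram."""
    if len(data) < 12:
        return "not-iax2"
    src, _dst, _ts, _oseq, _iseq, ftype, sub = struct.unpack(FULL_FRAME, data[:12])
    if not src & 0x8000:             # F bit clear: not a full frame
        return "not-iax2"
    if ftype == FRAME_TYPE_IAX and (sub & 0x7F) == SUBCLASS_PONG:
        return "pong"
    return "iax2-other"


def probe(host, port=IAX2_PORT, timeout=3.0):
    """Send one POKE and report what came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))      # lets ICMP port-unreachable surface as an error
        try:
            s.send(build_poke())
            return classify_reply(s.recv(2048))
        except socket.timeout:
            return "no-reply"        # dropped by a firewall, or nothing answering
        except ConnectionError:
            return "port-unreachable"


if __name__ == "__main__":
    # Usage: python iax_probe.py <server-ip>   (address supplied by the operator)
    print(probe(sys.argv[1]))
```

A "pong" result shows the UDP path works through the PIX and the remote firewall; "no-reply" cannot tell a filtering firewall apart from a server that is simply not answering.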
