Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Port Access

On some of my internal machines requires a access to this ip address( in particular port access 4569 for IAX.

Please advice how do i open. I request only expertise to answer my question.



Re: Port Access

pix by default will permit all outbound traffic.

if there is an outbound acl applied on the pix inside interface, then add the entry below to the existing outbound acl,

access-list outbound permit tcp host host eq 4569

you may replace the protocol with udp, depends on the iax requirement.

also need to verify the nat/global statement.


global (outside) 1 interface

nat (inside) 1 0 0

New Member

Re: Port Access

I have added the following command. After adding the above commands i try to ping from IP to its saying request timeout.

access-list outbound permit tcp host host eq 4569

access-list outbound permit udp host host eq 4569

Please open an attachment for the sh run


Re: Port Access

since there is no existing outbound acl, there is no need for the acl outbound.

i guess you were testing the connectivity by pinging. pix by default block echo response. to allow pinging, apply the entry below to acl inbound:

access-list inbound permit icmp any any

in fact, you can test the connectivity by issuing the command below on pc from pc, start the dos prompt and type in:

telnet 4569

New Member

Re: Port Access

Yes you are right i am trying to ping from the PC

I am accessing from this PC through putty.exe.

I tried through dos prompt by typing telnet 4569


Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Admin>telnet 4569

Connecting To not open connection to the host, on port 45

69: Connect failed

C:\Documents and Settings\Admin>



Re: Port Access

the site with may have firewall rules permitting only legitimate ip addresses. verify that the your pix public ip is one of the trusted hosts.

the "telnet 4569" fails on the pc maybe due to the fact that the service is on udp not tcp. otherwise please advise if the service is on tcp, then we need to investigate the pix config further.

also just wondering if you can ping the ip from, after the applying the command "access-list inbound permit icmp any any ".

CreatePlease to create content