How to permit PCAnywhere connections through a PIX/ASA Firewall
In some situations, it may be necessary to permit access to a device through a PIX/ASA Firewall using PCAnywhere. By default, such connections are denied, so you must configure the PIX/ASA to permit PCAnywhere traffic from the outside interface to the inside interface.
In most PIX/ASA scenarios, the inside interface and network use private addressing, while the outside interface and network use public addressing. Therefore, a static mapping must be created to establish the relationship between the outside and inside addresses. Moreover, an Access Control List (ACL) must define the traffic that is permitted through the PIX/ASA.
PCAnywhere communicates on Transmission Control Protocol (TCP) port 5631 (the data port) and User Datagram Protocol (UDP) port 5632 (the status port). Therefore, these ports must be explicitly permitted on the PIX.
Consider the example of a device on the inside interface of the firewall with an IP address of 10.1.1.10, which is mapped to an external (global) IP address of 18.104.22.168. In this case, traffic destined for that global address arrives at the firewall, is translated to 10.1.1.10, and is passed to the inside interface.
Based on the above factors, the configuration necessary for this scenario follows:
static (inside,outside) 18.104.22.168 10.1.1.10 netmask 255.255.255.255
! --- The static mapping between 18.104.22.168 (outside address) and 10.1.1.10 (inside address).
access-list 101 permit tcp any host 18.104.22.168 eq 5631
! --- Permits TCP traffic to 18.104.22.168, port 5631.
access-list 101 permit udp any host 18.104.22.168 eq 5632
! --- Permits UDP traffic to 18.104.22.168, port 5632.
access-group 101 in interface outside
! --- Apply ACL 101 to the outside interface.
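The configuration above only works when its three parts agree: the ACL must permit both PCAnywhere ports to the same global address the static maps, and the ACL must be applied to an interface. The following check is an added example, not Cisco's code or part of the original page; the `audit` function and its finding codes are hypothetical names, and the sample input is constructed from the page's configuration. It also reports rules that leave the PCAnywhere ports open to any source.

```python
import re

# Constructed sample input: the page's PIX configuration.
SAMPLE_CONFIG = """\
static (inside,outside) 18.104.22.168 10.1.1.10 netmask 255.255.255.255
access-list 101 permit tcp any host 18.104.22.168 eq 5631
access-list 101 permit udp any host 18.104.22.168 eq 5632
access-group 101 in interface outside
"""

STATIC_RE = re.compile(r"^static\s*\(\w+,\w+\)\s+(\S+)\s+(\S+)")
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+"
                    r"(any|host\s+\S+|\S+\s+\S+)\s+host\s+(\S+)\s+eq\s+(\d+)")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+\S+")
PCANYWHERE = {("tcp", 5631), ("udp", 5632)}  # data port and status port


def audit(config):
    """Return (code, detail) findings for the PCAnywhere rules in a PIX config."""
    statics, rules, bound = {}, [], set()
    for raw in config.splitlines():
        line = raw.split("!")[0].strip()      # drop "! ---" comments
        if m := STATIC_RE.match(line):
            statics[m.group(1)] = m.group(2)  # global address -> inside address
        elif m := ACL_RE.match(line):
            rules.append((m.group(1), m.group(2), m.group(3),
                          m.group(4), int(m.group(5))))
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))             # ACLs applied to an interface
    findings, seen = [], set()
    for acl, proto, src, dst, port in rules:
        if (proto, port) not in PCANYWHERE:
            continue
        seen.add((proto, port))
        if dst not in statics:
            findings.append(("NO_STATIC", f"{dst} has no static mapping"))
        if acl not in bound:
            findings.append(("UNBOUND_ACL", f"access-list {acl} is not applied"))
        if src == "any":
            findings.append(("ANY_SOURCE", f"{proto}/{port} to {dst} open to any source"))
    for proto, port in sorted(PCANYWHERE - seen):
        findings.append(("MISSING_PORT", f"no permit for {proto}/{port}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(code, detail)
```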