sfaruqi
asked on
PIX501: configuring Service object for Remote Desktop/Polycom/Custom PcAnywhere?
My current settings, shown below, are working well for Remote Desktop and Web:
access-list outside_access_in permit tcp any interface outside eq 5451
access-list outside_access_in permit tcp any interface outside eq 5452
access-list outside_access_in permit tcp any interface outside eq 5455
access-list nonat permit ip 192.168.100.0 255.255.255.0 192.168.101.0 255.255.255.0
static (inside,outside) tcp interface 5451 192.168.100.6 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5452 192.168.100.6 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5455 192.168.100.8 www netmask 255.255.255.255 0 0
Actually, I am trying to utilize the object service to set up the firewall for Remote Desktop at first, and later for other applications like Polycom and custom applications. I have done this in Netscreen products, but I am new to Cisco.
In the above setup, Windows XP Remote Desktop to 141.157.233.104:5452 is working fine, but why not in the following scenario when I try to implement services?
object-group service RmDskTp tcp
description Remote Desk Top
port-object range 3389 3389
access-list outside_access_in permit tcp any object-group RmDskTp interface outside object-group RmDskTp
Or how can I make custom services, say PC101Any, for the following?
access-list outside_access_in permit tcp any interface outside eq 5634
access-list outside_access_in permit udp any interface outside eq 5635
static (inside,outside) tcp interface 5634 192.168.100.8 5634 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 5635 192.168.100.8 5635 netmask 255.255.255.255 0 0
thanks,
faruqi
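The service-group form of the rules in the question, as an added example that is not part of the original post or of any reply in this thread. It assumes PIX OS 6.x behaviour, where the outside ACL is matched against the mapped (outside) port before the static translates it; the group names PC101Any_tcp and PC101Any_udp are hypothetical.

```cisco
: Added example. Assumes PIX OS 6.x: outside_access_in is evaluated against
: the outside-facing port, before the static rewrites it to the inside port.

: The group holds the port that clients connect to on the outside interface
: (5452), not the inside RDP port 3389.
object-group service RmDskTp tcp
  description Remote Desk Top
  port-object eq 5452

: The group appears in the destination position only. A source-port group of
: 3389 would never match, because client source ports are ephemeral.
access-list outside_access_in permit tcp any interface outside object-group RmDskTp
static (inside,outside) tcp interface 5452 192.168.100.6 3389 netmask 255.255.255.255 0 0

: TCP and UDP use different ports in the question, so one group per protocol
: keeps the ACL exactly as narrow as the two statics.
: PC101Any_tcp and PC101Any_udp are hypothetical names.
object-group service PC101Any_tcp tcp
  port-object eq 5634
object-group service PC101Any_udp udp
  port-object eq 5635

access-list outside_access_in permit tcp any interface outside object-group PC101Any_tcp
access-list outside_access_in permit udp any interface outside object-group PC101Any_udp
static (inside,outside) tcp interface 5634 192.168.100.8 5634 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 5635 192.168.100.8 5635 netmask 255.255.255.255 0 0
```

Replacing `any` with the known client addresses in each access-list line limits who can reach the forwarded Remote Desktop and remote-control ports.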