• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 250
  • Last Modified:

pix506e

how to open ports in cisco pix 506e
0
nakka_sudhir
Asked:
nakka_sudhir
1 Solution
 
RusskyCommented:
Hi Nakka,

Can only give you basic info given the amount I have to go on!

Pix 506, you will need 2 Access Lists - One for the External interface and one for the Internal Interface.

Unless you are running a webserver or other kind of service, the external access list should deny everything
The internal access list should only allow through the traffic you need, i.e. port 80 for Web Browsing, 442 for SSL Etc..

So, firstly you need to create your access lists:
***
access-list acl_out deny ip any any
access-list acl_int permit tcp host any any eq www
access-list acl_int permit udp host any any eq domain
***

Then you bind them to the required interface:
***
access-group acl_out in interface outside
access-group acl_int in interface inside
***

acl_out is bound to the outside interface and denys all incoming traffic
acl_int is bound to the inside interface and only allows traffic out on ports 80 and 53 - the basics needed for web browsing.

Provided the rest of the pix is set up correctly you will now be able to look at web pages.

Hope this helps,

Russky




0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now