choldsworth
asked on
PCAnywhere through PIX Firewall 6.1
I'm a little bit green when it comes to both PIX and Cisco routers, but I've been asked to open up ports so that an external user using PCAnywhere can access one of our internal PC's. I believe the ports that need to be opened are 5631, and 5632, but I'm a little bit lost as to how to do it. The internal network is setup using VLAN's on a cisco router, and each internal VLAN is specified an external IP on the pix firewall. Here is the setup we currently have:
PIX Firewall External: 139.142.39.33
PIX Firewall Internal: 10.1.100.1
VLAN External: 139.142.39.46
VLAN Internal: 10.1.130.1
PCAnywhere Host Computer: 10.1.130.50
Here are the settings I've tried, and perhaps someone could show me where I'm going wrong.
static (inside,outside) tcp 139.142.39.46 5631 10.1.130.50 5631 netmask 255.255.255.255 0 0
static (inside,outside) tcp 139.142.39.46 5632 10.1.130.50 5632 netmask 255.255.255.255 0 0
static (inside,outside) udp 139.142.39.46 5631 10.1.130.50 5631 netmask 255.255.255.255 0 0
static (inside,outside) udp 139.142.39.46 5632 10.1.130.50 5632 netmask 255.255.255.255 0 0
access-list acl-outside permit tcp any host 139.142.39.46 eq 5631
access-list acl-outside permit tcp any host 139.142.39.46 eq 5632
access-list acl-outside permit udp any host 139.142.39.46 eq 5631
access-list acl-outside permit udp any host 139.142.39.46 eq 5632
I've also tried changing the static mapping to:
static (inside,outside) 139.142.39.46 10.1.130.50 netmask 255.255.255.255 0 0
Seeing as I'm very inexperienced with this type of setup, the commands that I've tried were largely used due to different newsgroup postings I've seen with people having similar problems. I think I'm on the right track, but obviously am missing something, as it still doesn't work.
Any insight anyone can give me on this would be greatly appreciated.
Thanks.
PIX Firewall External: 139.142.39.33
PIX Firewall Internal: 10.1.100.1
VLAN External: 139.142.39.46
VLAN Internal: 10.1.130.1
PCAnywhere Host Computer: 10.1.130.50
Here are the settings I've tried, and perhaps someone could show me where I'm going wrong.
static (inside,outside) tcp 139.142.39.46 5631 10.1.130.50 5631 netmask 255.255.255.255 0 0
static (inside,outside) tcp 139.142.39.46 5632 10.1.130.50 5632 netmask 255.255.255.255 0 0
static (inside,outside) udp 139.142.39.46 5631 10.1.130.50 5631 netmask 255.255.255.255 0 0
static (inside,outside) udp 139.142.39.46 5632 10.1.130.50 5632 netmask 255.255.255.255 0 0
access-list acl-outside permit tcp any host 139.142.39.46 eq 5631
access-list acl-outside permit tcp any host 139.142.39.46 eq 5632
access-list acl-outside permit udp any host 139.142.39.46 eq 5631
access-list acl-outside permit udp any host 139.142.39.46 eq 5632
I've also tried changing the static mapping to:
static (inside,outside) 139.142.39.46 10.1.130.50 netmask 255.255.255.255 0 0
Seeing as I'm very inexperienced with this type of setup, the commands that I've tried were largely used due to different newsgroup postings I've seen with people having similar problems. I think I'm on the right track, but obviously am missing something, as it still doesn't work.
Any insight anyone can give me on this would be greatly appreciated.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Tim Holman
These commands are fine, although if you're using an older version of PIX, you'll probably need to reboot to activate the changes.
ASKER
Thanks for the replies. I haven't had a chance to try it yet (not at that office right now), but I will give your suggestion a try, grblades. I didn't try that command, and it may well be the answer.
tim_holman, this is PIX firewall 515 (6.1) ... do i need to write to flash memory, and then reboot with this version, or should it work right away? I'm sure I'll find out as soon as I try it, just thought I'd see if you knew.
Thanks.
tim_holman, this is PIX firewall 515 (6.1) ... do i need to write to flash memory, and then reboot with this version, or should it work right away? I'm sure I'll find out as soon as I try it, just thought I'd see if you knew.
Thanks.
You should always "wri mem" to save the configuration to flash once you have a working configuration and oviously before rebooting the PIX to try something out.
6.1 is still fairly buggy. If you can get to 6.3(3) then you're on safer ground. :)
ASKER
Thanks for the help, guys. Your solution worked for me grblades... such a simple solution that makes perfect sense. I should really buy a book on PIX or something :) Anyways, it's all working.. thanks a lot.