PCAnywhere through PIX Firewall 6.1

Posted on 2004-07-30
Last Modified: 2010-04-12
I'm a little bit green when it comes to both PIX and Cisco routers, but I've been asked to open up ports so that an external user using PCAnywhere can access one of our internal PC's.  I believe the ports that need to be opened are 5631, and 5632, but I'm a little bit lost as to how to do it.  The internal network is setup using VLAN's on a cisco router, and each internal VLAN is specified an external IP on the pix firewall.  Here is the setup we currently have:

PIX Firewall External:
PIX Firewall Internal:

VLAN External:
VLAN Internal:
PCAnywhere Host Computer:

Here are the settings I've tried, and perhaps someone could show me where I'm going wrong.

static (inside,outside) tcp 5631 5631 netmask 0 0
static (inside,outside) tcp 5632 5632 netmask 0 0
static (inside,outside) udp 5631 5631 netmask 0 0
static (inside,outside) udp 5632 5632 netmask 0 0

access-list acl-outside permit tcp any host eq 5631
access-list acl-outside permit tcp any host eq 5632
access-list acl-outside permit udp any host eq 5631
access-list acl-outside permit udp any host eq 5632

I've also tried changing the static mapping to:

static (inside,outside) netmask 0 0

Seeing as I'm very inexperienced with this type of setup, the commands that I've tried were largely used due to different newsgroup postings I've seen with people having similar problems.  I think I'm on the right track, but obviously am missing something, as it still doesn't work.

Any insight anyone can give me on this would be greatly appreciated.


Question by:choldsworth
  • 2
  • 2
  • 2
LVL 36

Accepted Solution

grblades earned 500 total points
ID: 11679643
Hi choldsworth,
Those commands look correct. Have you also applied the access-list using "access-group acl-outside in interface outside" ?
LVL 23

Expert Comment

by:Tim Holman
ID: 11680941
These commands are fine, although if you're using an older version of PIX, you'll probably need to reboot to activate the changes.

Author Comment

ID: 11681493
Thanks for the replies.  I haven't had a chance to try it yet (not at that office right now), but I will give your suggestion a try, grblades.  I didn't try that command, and it may well be the answer.

tim_holman, this is PIX firewall 515 (6.1) ... do i need to write to flash memory, and then reboot with this version, or should it work right away?  I'm sure I'll find out as soon as I try it, just thought I'd see if you knew.

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 36

Expert Comment

ID: 11681512
You should always "wri mem" to save the configuration to flash once you have a working configuration and oviously before rebooting the PIX to try something out.
LVL 23

Expert Comment

by:Tim Holman
ID: 11683528
6.1 is still fairly buggy.  If you can get to 6.3(3) then you're on safer ground.  :)

Author Comment

ID: 11763657
Thanks for the help, guys.  Your solution worked for me grblades... such a simple solution that makes perfect sense.  I should really buy a book on PIX or something :)  Anyways, it's all working.. thanks a lot.

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question