[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

PIX501: configuring Service object for Remote Desktop/Polycom/Custom PcAnywhere?

Posted on 2004-10-28
3
Medium Priority
?
276 Views
Last Modified: 2010-04-09
My current following settings are working good for Remote Desktop and Web:

access-list outside_access_in permit tcp any interface outside eq 5451
access-list outside_access_in permit tcp any interface outside eq 5452
access-list outside_access_in permit tcp any interface outside eq 5455
access-list nonat permit ip 192.168.100.0 255.255.255.0 192.168.101.0 255.255.255.0

static (inside,outside) tcp interface 5451 192.168.100.6 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5452 192.168.100.6 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5455 192.168.100.8 www netmask 255.255.255.255 0 0

Actually I am trying to utilize the object service to setup firewall for remote desktop at first and later for other applications like polycom and custom applications I have done this in Netscreen products but I am new to Cisco.

In above setup Windows XP Remote Desktop to 141.157.233.104:5452  is working fine but why not in the following senario when I try to implement services?

 object-group service RmDskTp tcp
 description Remote Desk Top
 port-object range 3389 3389
 access-list outside_access_in permit tcp any object-group RmDskTp interface outside object-group RmDskTp

Or how can I make custom services say PC101Any for following?

access-list outside_access_in permit tcp any interface outside eq 5634
access-list outside_access_in permit udp any interface outside eq 5635
static (inside,outside) tcp interface 5634 192.168.100.8 5634 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 5635 192.168.100.8 5635 netmask 255.255.255.255 0 0

thanks,

faruqi
0
Comment
Question by:sfaruqi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 36

Accepted Solution

by:
grblades earned 1000 total points
ID: 12463459
> access-list outside_access_in permit tcp any object-group RmDskTp interface outside object-group RmDskTp
This will allow only traffic coming from a port listed in the object group and going to a port in the object group. Normally when a client establishes a connection it establishes it from a high port number (>1023) so you cannot normally use this in access lists except for specific protocol such as DNS. Therefore I suggest you change the line to the following and try it again:-
access-list outside_access_in permit tcp any  interface outside object-group RmDskTp
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question