• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 309
  • Last Modified:

Enabling RAS on PIX 501

I wish to configure my pix 501 with RAS remote access but I am unsure of what i need to add to my firewall interms of directing traffic to my ras server. What access lists etc will i need to configure for outside access? is there any particular service that i need to add?

  • 2
1 Solution
What do you want to access from INTERNET?  Internal Server/Computer?  The PIX itself?

If computer:   with  - example:

Just setup port forwarding - example below
      static (inside,outside) tcp interface eq 3389 netmask 0 0 --> forwards RDP to PC
      static (inside,outside) tcp interface eq 5900 netmask 0 0 --> forwards VNC to PC

Filter on source ip address for access allow - example below
      access-list inbound line 1 permit host host eq 3389
      access-list inbound line 2 permit host host eq 5900

If PIX is what you want RAS for:

You need to configure ssh:
      ssh outside -----> the "" allows any host/subnet to ssh to "outside" interface
                                                      adjust the "" to your WAN IP settings

You also need access-list entry to permit tcp port 22 traffic
     access-list inbound line 3 permit tcp any any eq 22


Hope this helps

bjbitAuthor Commented:

I need to allow users access to mail/file servers etc.

should i not accept

 static (inside,outside) tcp interface eq 3389 netmask 0 0 --> forwards RDP to PC
      static (inside,outside) tcp interface eq 5900 netmask 0 0 --> forwards VNC to PC

as users will be using the dsl providers ips or is there a better way to lock this down and still allow
First, this is dangerous.  These mail/file servers should be on a dmz interface to segregate your internal network away from things that outside users can access.  I'd point you in the direction of vpn, however, it's much slower and you'd need to have your outside users run a vpn client just to get to their mail....try the dmz approach.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now