Cisco Pix 501 Port Forwarding

Posted on 2006-05-19
Last Modified: 2010-08-05
I have open the port on my pix firewall using the following command where is the outside ip address.  

{Access-list acl_out permit tcp any host eq 25000}

What command do I use to have the firewall forward all traffic on that port to the internal server
Question by:MarkWP
    LVL 5

    Assisted Solution

    Same commands just don't specify a port.  If you don't specify a port it forwards all ports.  Why have a pix if you are going to do this.  This is extremly unsecure.  I hope you have a good backup routine......

    access-group 100 in interface outside
    access-list 100 permit tcp any host
    access-group 100 in interface outside
    hostname(config)# static (inside,outside) tcp netmask

    you will also have to get rid of the old entries by typing the NO at the front of each command
    LVL 1

    Author Comment

    What is a more secure way to do this then?  
    LVL 5

    Expert Comment

    What are you trying to access on the server or workstation.  What applications.  Maybe terminal services would allow real-time access to your apps with only forwarding port 3389.  Let me know what you are trying to do and we will figure out a  way to do it without making your server or workstation wide open.    

    LVL 1

    Author Comment

    I have 2 locations..1 in the US and 1 in India. I want to replicate large amounts of data over the internet.  I found a program that workes pretty well but I would need to forward the traffic on port 25000 to the software.   I am still in the testing phase.  The program will work over VPN but when testing I have had problems with my VPN disconnecting.
    Is it possible to restrict the traffic on that port by IP adress instead of opening it the whole world?
    LVL 10

    Accepted Solution

    Yes it can be done. As centrepc suggested remove old commands. If you need help selecting which command to remove, post your PIX configuration and we can mark them for you.

    Asuming is the External IP Address on US end and is the external IP Address on India's side.

    One US PIX:

    config term

    Access-list acl_out permit tcp host host eq 25000

    static (inside,outside) netmask

    access-group acl_out in interface outside

    First command will start configuration mode
    Second will open port 25000 for host to ONLY host
    Third is a mapping to map external IP address to
    Fourth is to apply the open port command on external outside interface
    LVL 1

    Author Comment

    Thanks guys

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now