lizardqueen007
conduit permit command on a pix 506 version 5.1
Hello, I am working on a PIX version 5.1.
I have successfully implemented the
conduit permit tcp host 222.222.222.222 eq 5555 any command. And it worked! This is so I don't have to drive 50 miles to administer this nightmare.
Anyway, I would like to limit access to port 5555 to ONLY my home IP address for security reasons. I'm using a remote admin utility.
If anyone knows the exact command, let's pretend my IP at home is 111.111.111.111
Thanks everyone
laura
Can you specify what exactly you need ..
like connecting to your pix appliance or some dmz machines?? remotely?
what is this 222.222.222.222 ?
ASKER
Thanks again Irmoore! Does an upgrade require reconfiguration? Do I need to purchase the upgrade and where do I get it? Again, I appreciate very much the excellent help!
ASKER
router#show running-config
Building configuration...
Current configuration:
!
version 11.0
service udp-small-servers
service tcp-small-servers
!
hostname router
!
enable secret xxxxxxxxxxxxxxxxxxxxxxxxx
enable passwordxxxxxxxxxxxxxxxxxx xxx
!
!
interface Ethernet0
ip address 99.99.99.99 255.255.255.224
!
interface Serial0
ip address 99.99.99.99 255.255.255.252
!
interface Serial1
no ip address
shutdown
!
ip name-server 222.222.3.65
ip name-server 222.222.2.65
ip route 0.0.0.0 0.0.0.0 99.99.99.99
!
line con 0
line aux 0
transport input all
line vty 0 4
password xxxxxxxxxxxxxxxxx
login
!
end
>Does an upgrade require reconfiguration? Do I need to purchase the upgrade and where do I get it?
Upgrade to the PIX does not require re-configuration initially, but conduits are going away in favor of access-lists. The PDM GUI does not like conduits. Cisco has a conduit-access list converter.
The upgrade is a free download from Cisco if you have a SmartNet Maintenance contract and CCO login. It's a lot cheaper to buy 1 year of 8x5 maint package than it is to buy a 1-time OS upgrade.
Check http://www.cdw.com for SmartNet maintenance for the 506
The config you posted is for a router. ???
Laura, I admire you for jumping in with both feet - blindfolded! You're not afraid to take risks and jump in and change something to try to fix a problem. Good luck. We'll be here for a long time. Perhaps you'll come back in and start answering questions, too, once you get a little experience.
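Added example, not part of the thread and not Cisco's converter: a Python audit that finds conduits open to `any`, rewrites them to admit one source host, and prints the access-list form that the reply above says is replacing conduits. The grammar subset, the list name `acl_out` and the sample config are assumptions made for illustration.

```python
import re

# Assumed subset of the PIX conduit grammar (tcp/udp only):
#   conduit permit|deny <proto> <global addr> [eq <port>] <foreign addr>
# An address is "any", "host A.B.C.D" or "A.B.C.D MASK".
ADDR = r"(any|host \S+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
CONDUIT = re.compile(rf"^conduit (permit|deny) (tcp|udp) {ADDR}(?: eq (\S+))? {ADDR}$")

def parse_conduit(line):
    """Return the fields of a conduit line, or None for any other line."""
    m = CONDUIT.match(" ".join(line.split()))
    if not m:
        return None
    keys = ("action", "proto", "global", "port", "foreign")
    return dict(zip(keys, m.groups()))

def is_open_to_any(c):
    """True when a permit conduit accepts every source address."""
    return c["action"] == "permit" and c["foreign"] in ("any", "0.0.0.0 0.0.0.0")

def restrict_source(c, source_ip):
    """Copy of the conduit that admits a single foreign host."""
    return {**c, "foreign": f"host {source_ip}"}

def _port(c):
    return f" eq {c['port']}" if c["port"] else ""

def to_conduit(c):
    return f"conduit {c['action']} {c['proto']} {c['global']}{_port(c)} {c['foreign']}"

def to_access_list(c, name="acl_out"):
    # Access lists put the source first and the destination second, the
    # reverse of conduit order. "acl_out" is a hypothetical list name; the
    # list takes effect only once bound with access-group.
    return (f"access-list {name} {c['action']} {c['proto']} "
            f"{c['foreign']} {c['global']}{_port(c)}")

def audit(config_text, admin_ip):
    """Yield (open conduit, restricted conduit, access-list form)."""
    for line in config_text.splitlines():
        c = parse_conduit(line)
        if c and is_open_to_any(c):
            tight = restrict_source(c, admin_ip)
            yield to_conduit(c), to_conduit(tight), to_access_list(tight)

# Constructed sample config using the thread's placeholder addresses.
SAMPLE = """hostname pixfirewall
conduit permit tcp host 222.222.222.222 eq 5555 any
conduit permit tcp host 222.222.222.222 eq 25 host 111.111.111.111
"""

if __name__ == "__main__":
    for before, after, acl in audit(SAMPLE, "111.111.111.111"):
        print(before, after, acl, sep="\n  -> ")
```

Conduits are additive, so the restricted entry only limits access once the original `any` entry has been removed from the running config.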
ASKER
Yes lrmoore, it seems I posted the router config by mistake. I will check out the upgrade although this has been a great learning experience. I really appreciate your help. I am trying to answer questions to which I know the answers. I will be around to help out as I learn. I think I'm headed for the CCNA.
Take care,
Laura
Irmoore.. Hats OFF for that fast and prompt response...