Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Cisco Firewall - Proper way to open ports into inside interface

Avatar of ddrmis
ddrmis asked on
Software Firewalls
7 Comments1 Solution465 ViewsLast Modified:
The sad reality of security I guess. I need to open up bi-directional communication ports on our firewall quite frequently to allow our workstations to communicate with remote applications. We are running ver 6.X of PIX. I was wondering what the proper / best practice method is for this. I want to only allow access to these clients machines to mitigate my risks. I've not seen a good example in my limited research, but following is what i have done:

server we need to communicate with (outside our network): 123.123.123.123
port: 5555
outside interface: 200.200.200.50 (our public IP for network/Internet traffic)
internal computer / workstation that needs access to server / gateway outside our secured network: 10.10.10.10 on a 10.10.X.X network

access-list outside_in permit tcp host 123.123.123.123 interface outside 5555

access-list outside_in permit tcp interface outside host 10.10.10.10 eq 5555

access-list outside_in deny tcp interface outside any eq 5555

access-list inside_in permit tcp host 10.10.10.10 host 123.123.123.123 eq 5555

I'm not sure if the host keyword is used correctly here. I'm setting up my stuff with object-groups, so please forgive the syntax and feel free to correct me here ;)

Sincerely,
Security... what security?
ASKER CERTIFIED SOLUTION
Avatar of Les Moore
Les MooreFlag of United States of America imageSystems Architect
Commented:
This problem has been solved!
Unlock 1 Answer and 7 Comments.
See Answers