PIX access list from outside to inside

Posted on 2007-08-09
Last Modified: 2013-11-16

Am a newbie to the PIX. Wanted to know how to allow the PIX to allow access for port 8181 from outside to inside. Do I need to have an external IP address? I have a server that this access list can go to internally with a 192.168.X.X address. Any suggestions? Thanks.
Question by:abhijitm00
    LVL 19

    Accepted Solution


    you need an external ip address for the server to be available to the internet.  You can do it 2 ways - if you have a free ip address, you can translate your internal server to the free ip address and allow traffic accordingly.  If you only have one ip address and are using it for the PIX outside interface - you can port translate traffic on port 8181 to go to the internal ip.

    For free ip address:
    access-list fromoutside permit tcp any x.x.x.x eq 8181
    static (inside,outside) x.x.x.x 192.168.x.x netmask
    access-group fromoutside in interface outside

    For using PIX interface ip
    access-list fromoutside permit tcp any interface outside eq 8181
    static (inside,outside) tcp interface 8181 192.168.x.x  8181 netmask
    access-group fromoutside in interface outside

    where x.x.x.x is the free public ip address and 192.168.x.x is the internal ip.  In the second example, type in the PIXs external ip address from outside your network and the PIX will redirect all port 8181 traffic to 192.168.x.x.

    hope this helps

    Author Comment

    Thanks nodisco, I will try this out and let you know.
    LVL 19

    Expert Comment


    Author Comment

    Hey nodisco,

    I entered the second command in and it keeps coming up with: "Type help or '?' for a list of available commands." as shown below. It will not let me proceed.
    firewall> access-list out_in permit tcp any interface outside eq 8181
    Type help or '?' for a list of available commands.
    LVL 19

    Expert Comment


    you are not in global configuration mode

    you need to type - enable and hit return
    enter the enable password
    then type conf t and hit enter

    then enter the commands

    when finished type write mem to save


    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Suggested Solutions

    How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
    I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now