PIX 501 port forwarding for video surveillance system alarm monitoring

Posted on 2009-12-16
Last Modified: 2012-05-08
The attached firewall cfg needs to be modified to allow traffic from the ports 5140, 5150, 5160, 5170 on the computer with IP address to pass through the firewall to the outside world. This is to permit the video surveillance data at the computer to be accessed by the alarm monitoring company and the corporate security managers with the software they are providing. I have changed IP addresses in the config so that I'm not posting our true information. Just pretend they are correct and modify accordingly.

Thanks, isfco
Question by:I_S_F_C_O

    Accepted Solution

    access-list outside_access_in permit tcp any interface outside eq 5140
    access-list outside_access_in permit tcp any interface outside eq 5150
    access-list outside_access_in permit tcp any interface outside eq 5160
    access-list outside_access_in permit tcp any interface outside eq 5170
    static (inside,outside) tcp interface 5140 5140 netmask 0 0
    static (inside,outside) tcp interface 5150 5150 netmask 0 0
    static (inside,outside) tcp interface 5160 5160 netmask 0 0
    static (inside,outside) tcp interface 5170 5170 netmask 0 0

    If you know the IP address that your alarm company will be coming in from, I would replace the "any" in the access-lists above with "host x.x.x.x" and whatever IP address they provide.

    Author Comment

    Thank you, jodylemoine.

    OK, the first 5 lines are accepted by the PIX. When I try to enter the sixth line I receive this message:
    "ERROR: duplicate of existing static"

    Do you have some advice as to how to get the remainder of the lines to operate in the PIX 501?

    Thank you,


    Expert Comment

    by:Jody Lemoine
    It's telling you that the static forwards have already been entered into the system.  If you show your running config, what do you have for "static (inside,outside)" statements?

    Author Comment

    When I pasted the lines in I had 5140 as the second port number in the static statements, even as the port changed to 5150, etc, on my static line additions. I didn't copy and paste yours, I used one that I was working on in notepad that was not edited correctly. If I had slowed down I would have noticed the mistake. Thank you for your help and this is all wrapped up now. Merry Christmas to all and to all a good night!
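
The two problems raised in this thread (a static whose inside port was left at 5140, and ACL lines open to "any") can be caught before pasting with a small linter. This is an added example, not code from the thread or from Cisco; the addresses 192.168.1.10 and 203.0.113.7, the finding names and the `lint` function are assumptions made for illustration.

```python
import re

# Constructed sample (not from the thread). 192.168.1.10 and 203.0.113.7 are
# placeholder addresses; the 5160 static repeats the paste error the author
# describes (inside port left at 5140), and 5170 has no matching ACL line.
SAMPLE = """\
access-list outside_access_in permit tcp any interface outside eq 5140
access-list outside_access_in permit tcp host 203.0.113.7 interface outside eq 5150
access-list outside_access_in permit tcp any interface outside eq 5160
static (inside,outside) tcp interface 5140 192.168.1.10 5140 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5150 192.168.1.10 5150 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5160 192.168.1.10 5140 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5170 192.168.1.10 5170 netmask 255.255.255.255 0 0
"""

ACL = re.compile(r"access-list \S+ permit (tcp|udp) (any|host \S+) interface outside eq (\d+)")
STATIC = re.compile(r"static \(inside,outside\) (tcp|udp) interface (\d+) (\S+) (\d+) ")

def lint(config):
    """Return (finding, outside_port) tuples for PIX 6.x style port forwards."""
    permitted = {}   # (proto, outside port) -> list of permitted sources
    statics = []     # (proto, outside port, inside host, inside port)
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            permitted.setdefault((m[1], int(m[3])), []).append(m[2])
        elif m := STATIC.match(line + " "):
            statics.append((m[1], int(m[2]), m[3], int(m[4])))
    findings, seen = [], set()
    for proto, outside, host, inside in statics:
        # Same inside host/port forwarded twice: the PIX rejects the second
        # entry with "ERROR: duplicate of existing static".
        if (proto, host, inside) in seen:
            findings.append(("duplicate-static", outside))
        seen.add((proto, host, inside))
        if outside != inside:      # legal, but worth a second look
            findings.append(("port-mismatch", outside))
        if (proto, outside) not in permitted:
            findings.append(("no-acl", outside))
    for (proto, port), sources in permitted.items():
        if "any" in sources:       # reachable from every Internet host
            findings.append(("any-source", port))
    return findings

if __name__ == "__main__":
    for finding, port in lint(SAMPLE):
        print(f"{finding}: outside port {port}")
```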
