• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 467
  • Last Modified:

pix 501 port forwarding for video surveillance system alarm monitoring

The attached firewall cfg attached needs to be modified to allow traffic from the ports 5140, 5150, 5160, 5170 on the computer with ip address 192.168.118.220 to pass through the firewall to the outside world. This is to permit the video surveillance data at the computer to be accessed by the alarm monitoring company and the corporate security managers with the software they are providing. I have changed ip addresses in the config so that I'm not posting our true information. Just pretend they are correct and modify accordingly.

Thanks, isfco
pixcfg.txt
0
I_S_F_C_O
Asked:
I_S_F_C_O
  • 2
  • 2
1 Solution
 
Jody LemoineNetwork ArchitectCommented:
access-list outside_access_in permit tcp any interface outside eq 5140
access-list outside_access_in permit tcp any interface outside eq 5150
access-list outside_access_in permit tcp any interface outside eq 5160
access-list outside_access_in permit tcp any interface outside eq 5170
static (inside,outside) tcp interface 5140 192.168.118.220 5140 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5150 192.168.118.220 5150 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5160 192.168.118.220 5160 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5170 192.168.118.220 5170 netmask 255.255.255.255 0 0

If you know the IP address that your alarm company will be coming in from, I would replace the "any" in the access-lists above with "host x.x.x.x" and whatever IP address they provide.
0
 
I_S_F_C_OAuthor Commented:
Thank you, jodylemoine.

Ok,  the first 5 lines are accepted by the pix. When I try and enter the sixth line I receive this message,
 
"ERROR: duplicate of existing static"

Do you have some advice as to how to get the remainder of the lines to operate in the pix 501?

Thank you,

isfco
0
 
Jody LemoineNetwork ArchitectCommented:
It's telling you that the static forwards have already been entered into the system.  If you show your running config, what do you have for "static (inside,outside)" statements?
0
 
I_S_F_C_OAuthor Commented:
When I pasted the lines in I had 5140 as the second port number in the static statements, even as the port changed to 5150, etc, on my static line additions. I didn't copy and paste yours, I used one that I was working on in notepad that was not edited correctly. If I had slowed down I would have noticed the mistake. Thank you for your help and this is all wrapped up now. Merry Christmas to all and to all a good night!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now