Solved

Pix 506 E Multiple Port Configuration

Posted on 2013-01-04
Last Modified: 2013-01-07
Experts,
I have a client who is using a PIX 506E as a firewall. They are getting a new phone system and the installing company has asked them to open the following ports:

•         5060 – UDP/TCP
•         5004 – UDP/TCP
•         10000-10201 – UDP

I was able to set these up in the access list by using a group-object based on this article:
http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_23210702.html

However, at the bottom of this article, it states I have to manually static map each of the 200 plus ports in the 10000 - 10201 range.  Here is the text from the above article:

object-group service group_1 tcp-udp
  port-object range 1717 1723
access-list outside_access_in permit tcp any interface outside object-group group_1

but then you need a static for every port!!!

static (inside,outside) tcp interface 1717 10.10.10.4 1717 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 1718 10.10.10.4 1718 netmask 255.255.255.255 0 0

etc

There is no way of creating 1 static mapping - for example:

static (inside, outside) tcp interface etc ......

to list all these ports?

Please advise.
Thanks
John
Question by:hexvader

Accepted Solution

by:
Pete Long earned 500 total points
ID: 38745483
>>but then you need a static for every port!!!

Unfortunately - you have a firewall that cannot be upgraded past 6.3(5) so Yes! you have to do one for EVERY port

Pete
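
An added example, not part of the original question or answer: since PIX 6.3 needs one static per port, the lines can be generated rather than typed. This sketch follows the static syntax quoted in the question, covers the ports the installer asked for, and uses 10.10.10.4 (the sample host from the quoted article, not the client's real address) as an assumed inside host; the function name `pix_statics` is hypothetical.

```python
import ipaddress

# Ports requested in the question: 5060 and 5004 over UDP and TCP,
# 10000-10201 over UDP only.
REQUESTED = [
    (("tcp", "udp"), 5060, 5060),
    (("tcp", "udp"), 5004, 5004),
    (("udp",), 10000, 10201),
]


def pix_statics(inside_host, rules=REQUESTED, real_if="inside", mapped_if="outside"):
    """Return one PIX 6.3 port-redirection static per protocol/port pair."""
    host = ipaddress.IPv4Address(inside_host)  # raises ValueError on a bad address
    seen = set()
    lines = []
    for protos, first, last in rules:
        if not (1 <= first <= last <= 65535):
            raise ValueError(f"bad port range {first}-{last}")
        for proto in protos:
            if proto not in ("tcp", "udp"):
                raise ValueError(f"unsupported protocol {proto!r}")
            for port in range(first, last + 1):
                # An interface port can only be redirected to one inside host,
                # so overlapping rules are rejected instead of emitted twice.
                if (proto, port) in seen:
                    raise ValueError(f"duplicate mapping {proto}/{port}")
                seen.add((proto, port))
                lines.append(
                    f"static ({real_if},{mapped_if}) {proto} interface {port} "
                    f"{host} {port} netmask 255.255.255.255 0 0"
                )
    return lines


if __name__ == "__main__":
    # Constructed sample host; replace with the phone system's inside address.
    for line in pix_statics("10.10.10.4"):
        print(line)
```

Review the generated lines against the access list before pasting them into the PIX, so that no port is redirected to the inside host without a matching, intended permit.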