I have a client who is using a pix 506e as a firewall. They are getting a new phone system and the installing company has asked them to open the following ports:
5060 – UDP/TCP
• 5004 – UDP/TCP
• 10000-10201 - UDP
I was able to set these up in the access list by using a group-object based on this article:
However, at the bottom of this artilce, it states I have to manually static map each of the
200 plus ports in the 10000 - 10201 range. Here is the text from the above article:
object-group service group_1 tcp-udp
port-object range 1717 1723
access-list outside_access_in permit tcp any interface outside object-group group_1
but then you need a static for every port!!!
static (inside,outside) tcp interface 1717 10.10.10.4 1717 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 1718 10.10.10.4 1718 netmask 255.255.255.255 0 0
There is no way of creating 1 static mapping - for ex>
static (inside, outside) tcp interface etc ......
to list all these ports ?