Allow Traffic In/Out on specific ports from CLI

[T3st1ng]

How can I allow traffic to flow in and out to a specific port, such as TCP/5566, on my PIX 515E from the CLI?

 

[KiscoKid]

access-list outside_access_in permit tcp any any eq 5566
access-list inside_access_out permit tcp any any eq 5566

access-group outside_access_in in interface outside
access-group inside_access_out in interface inside

You may already have your own access groups already applied. If so just change the names in the examples above to what you have currently (use the 'show access-group' command in CLI to see what they are called).

 

[lgarner]

And it you don't have one, especially inside_access_out, be sure to add all traffic that you want to go out. There's an implied "deny ip any any" at the end of every access-list.

 

[T3st1ng]

If this traffic is initiated from inside my firewall, I shouldn't have to specifically allow it to come back in, correct??

 

[KiscoKid]

No you don't. The PIX will allow any TCP reply traffic back in through the firewall.