Allowing VNC through the PIX

zephyran (Technical User), Nov 30, 2001
We want to allow a user to connect from outside, through the firewall, to an internal machine using VNC. I know that I have to allow port 5900 for inbound, but how do I configure this on the PIX?

BTW, we are running a PIX Classic with version 4.0.6 software (yeah, I know it's old, but it can't be helped).
 
Thanks, the CONDUIT part was what I wasn't so sure about (a static mapping already exists).

I've set up a global command to allow TCP and UDP ports 5900 (as required by the VNC software), but the user is still unable to connect. Anyone else have experience setting a PIX to pass VNC connections through?
 
static (inside,outside) 199.199.199.199 192.168.1.1 netmask 255.255.255.255 0 0
conduit permit icmp any any
conduit permit tcp host 199.199.199.199 eq 5900 any

Should do the trick

You need the static command and the conduit in place in order to pass port 5900 from an outside IP to an inside IP.

-Danny
dan@snoboarder.net
 
Our PIX is running software 4.0.6, which uses conduit commands in a different format. The conduit commands I've entered are:

conduit 199.199.199.199 5900 tcp 0.0.0.0 0.0.0.0
conduit 199.199.199.199 5900 udp 0.0.0.0 0.0.0.0

The static command already existed:

static 199.199.199.199 10.0.0.12
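Both conduit examples in this thread (Danny's "conduit permit tcp host ... eq 5900 any" and the PIX 4.x positional "conduit 199.199.199.199 5900 tcp 0.0.0.0 0.0.0.0") open port 5900 to every source address on the outside, when only one remote user needs to reach it. The script below is an added example, not code from the thread or from Cisco: it parses the two conduit syntaxes and the two static syntaxes quoted above, resolves each global address to the inside host behind it, and reports every conduit whose source is "any" so the administrator can tighten it to the remote user's address. The sample config strings are constructed from the commands posted in the thread, and the parser handles only those two command shapes.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed samples built from the commands quoted in this thread.
# The addresses are the thread's own placeholders, not real hosts.
SAMPLE_PERMIT_SYNTAX = """\
static (inside,outside) 199.199.199.199 192.168.1.1 netmask 255.255.255.255 0 0
conduit permit icmp any any
conduit permit tcp host 199.199.199.199 eq 5900 any
"""

SAMPLE_PIX4_SYNTAX = """\
static 199.199.199.199 10.0.0.12
conduit 199.199.199.199 5900 tcp 0.0.0.0 0.0.0.0
conduit 199.199.199.199 5900 udp 0.0.0.0 0.0.0.0
"""

@dataclass
class Conduit:
    proto: str
    global_ip: str        # "any" when the conduit is not tied to one global address
    port: Optional[int]   # None when the conduit covers all ports (icmp, or no "eq")
    source: str           # normalised: "any", "host a.b.c.d", or "a.b.c.d/m.m.m.m"
    line: str

# PIX 4.x positional form: conduit <global_ip> <port> <tcp|udp> <src_ip> <src_mask>
OLD_CONDUIT = re.compile(r"^conduit\s+(\S+)\s+(\d+)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s*$")
# Newer form: conduit permit <proto> <host ip|any> [eq <port>] <host ip|any|ip mask>
NEW_CONDUIT = re.compile(
    r"^conduit\s+permit\s+(\S+)\s+(host\s+\S+|any)(?:\s+eq\s+(\d+))?"
    r"\s+(host\s+\S+|any|\S+\s+\S+)\s*$")
# static <global> <inside>   or   static (in,out) <global> <inside> netmask ...
STATIC = re.compile(r"^static\s+(?:\([^)]*\)\s+)?(\S+)\s+(\S+)")

def normalise_source(src: str) -> str:
    """Collapse the different spellings of 'any source' into the single token 'any'."""
    parts = src.split()
    if parts == ["any"] or parts == ["0.0.0.0", "0.0.0.0"] or parts == ["0", "0"]:
        return "any"
    if len(parts) == 2 and parts[0] == "host":
        return f"host {parts[1]}"
    if len(parts) == 2:
        return f"{parts[0]}/{parts[1]}"
    return src

def parse_statics(config: str) -> Dict[str, str]:
    """Map each global (outside) address to the inside address it translates to."""
    statics: Dict[str, str] = {}
    for line in config.splitlines():
        m = STATIC.match(line.strip())
        if m:
            statics[m.group(1)] = m.group(2)
    return statics

def parse_conduits(config: str) -> List[Conduit]:
    """Parse both the PIX 4.x positional and the newer 'conduit permit' syntax."""
    conduits: List[Conduit] = []
    for raw in config.splitlines():
        line = raw.strip()
        m = OLD_CONDUIT.match(line)
        if m:
            g, port, proto, sip, smask = m.groups()
            conduits.append(Conduit(proto, g, int(port),
                                    normalise_source(f"{sip} {smask}"), line))
            continue
        m = NEW_CONDUIT.match(line)
        if m:
            proto, dest, port, src = m.groups()
            g = dest.split()[1] if dest.startswith("host") else "any"
            conduits.append(Conduit(proto, g, int(port) if port else None,
                                    normalise_source(src), line))
    return conduits

def audit(config: str) -> List[Tuple[str, str]]:
    """Return (config line, finding) pairs for conduits reachable from any outside source."""
    statics = parse_statics(config)
    findings: List[Tuple[str, str]] = []
    for c in parse_conduits(config):
        if c.source != "any":
            continue
        ports = "all ports" if c.port is None else f"port {c.port}"
        if c.global_ip == "any":
            target = "every translated address"
        else:
            target = f"{c.global_ip} -> inside {statics.get(c.global_ip, 'no static found')}"
        findings.append((c.line, f"{c.proto} {ports} to {target} is open to any source"))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_PERMIT_SYNTAX, SAMPLE_PIX4_SYNTAX):
        for line, finding in audit(sample):
            print(f"{line}\n    {finding}")
```

Run against the thread's own commands it flags the icmp conduit and all three port-5900 conduits; a conduit whose source is a single host (e.g. the remote user's fixed address with a 255.255.255.255 mask) produces no finding, which is the shape to aim for once the connection is confirmed working.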
 
So is it working?

Did you confirm that port 5900 is open on host 10.0.0.12?
Can you connect to this port internally on your network?
(Just trying to isolate the problem to the firewall)

I would then ask that you post at least part of your PIX config in order to further assist you with this problem. Of course change your IP addresses for security reasons.

-Danny
dan@snoboarder.net
 
I have found the problem... The user that was trying to connect from outside has Windows ME on his system, which is notorious for flaky networking. Another outside user with a Win 2000 system connected in just fine.

Thanks for your help everyone!