How to Allow certain ports through to all hosts and...

kirby449 (Technical User), Jun 15, 2003

Hi guys

I want to open 2 ports through our PIX to all internal hosts but I have 3 network cards in the PIX.

One card is on 192.168.1.0, and the other 192.168.5.0.

I only want to open the ports to the 192.168.5.0 network.

Is there a way to do this?

Cheers
KG1
 
Perhaps you should provide more information so that people here can help to troubleshoot. By default, traffic from a more secure interface can access a less secure interface without having to specify any rules; all you need is the "nat" and "global" commands to perform address translation (since the PIX is not a router).

 
access-list <whatevername> permit <protocol> any 192.168.5.0 255.255.255.0 eq <port#>

<whatevername> = Access List Name
<protocol> = TCP, UDP, ICMP, (not IP)
<port#> = Port #, example HTTP is 80.

Computer/Network Technician
CCNA
 
BTW, khaiyang, he was asking how to open up certain ports so that people from the outside interface could access these ports on hosts on the internal or DMZ interface.

Computer/Network Technician
CCNA
 
Thanks for the help guys. LloydSev, spot on - exactly what I needed to know. Many thanks
 
To allow inbound connections to ALL hosts on a network, you would have to have a global IP address and a static NAT for each one, as the connection to that port would have to be made to a particular global IP address. How else would you direct traffic to those ports? On what external IP address? You can't direct traffic to an RFC1918 address from the internet (well, you can, but you may not have much success!). Adding an access list to the external interface allowing traffic to 192.168.5.0/24 is only any good if traffic to that network hits your firewall, which it won't unless this is part of a private WAN.

Maybe if you explain the reason why you want to do this we can suggest something?

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
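To put LloydSev's access-list line and Chris's point about per-host statics together, here is a complete PIX 6.x fragment for the three-interface layout the original poster describes. It is an added illustration, not configuration posted by anyone in this thread. The interface names, the 203.0.113.x global addresses, the .10/.11 host addresses and the choice of TCP/80 and TCP/443 for the two unnamed ports are all assumptions; lines beginning with "!" are annotations, not PIX commands.

```cisco
! Added example, not from the original thread. Assumed layout:
!   ethernet0 = outside 203.0.113.1/24
!   ethernet1 = inside  192.168.1.0/24  (no inbound access wanted)
!   ethernet2 = dmz     192.168.5.0/24  (two ports to be opened)
! Ports 80 and 443 stand in for the two ports the poster did not name.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 203.0.113.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip address dmz 192.168.5.1 255.255.255.0
!
! Outbound: inside and dmz hosts reach the outside via PAT on the outside
! interface address. Higher-security to lower-security needs no ACL.
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (dmz) 1 192.168.5.0 255.255.255.0 0 0
global (outside) 1 interface
!
! Inbound: every 192.168.5.0 host that must be reachable from outside
! needs its own global address (one-to-one static). Two are shown here;
! repeat one line per host.
static (dmz,outside) 203.0.113.10 192.168.5.10 netmask 255.255.255.255 0 0
static (dmz,outside) 203.0.113.11 192.168.5.11 netmask 255.255.255.255 0 0
!
! On PIX 6.x an ACL applied to the outside interface is matched against the
! translated (global) destination, so the permits name 203.0.113.x rather
! than 192.168.5.x. Only TCP/80 and TCP/443 are opened, and nothing at all
! is permitted towards 192.168.1.0, which has no statics.
access-list outside_in permit tcp any host 203.0.113.10 eq 80
access-list outside_in permit tcp any host 203.0.113.10 eq 443
access-list outside_in permit tcp any host 203.0.113.11 eq 80
access-list outside_in permit tcp any host 203.0.113.11 eq 443
access-list outside_in deny ip any any
!
! The list does nothing until it is bound to the interface.
access-group outside_in in interface outside
```

If a whole routable public /24 is available, a single network static (`static (dmz,outside) 203.0.113.0 192.168.5.0 netmask 255.255.255.0 0 0`) maps every 192.168.5.0 host at once, and the permits can then use `203.0.113.0 255.255.255.0 eq 80` instead of one `host` line per server. Check the result with `show xlate` (the static entries should be listed) and `show access-list outside_in` (hit counts per line tell you whether inbound traffic is actually reaching the rule). Note that from ASA 8.3 onward access lists reference the real (untranslated) address, so on that software the permits would name 192.168.5.x; the mapped-address rule above applies to PIX 6.x and 7.x.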
 
I just assumed he had already mapped the addresses successfully and needed to open those specific ports.

Computer/Network Technician
CCNA
 
Yes, thanks guys - as LloydSev thought, I already have the addresses mapped and everything is working now.

Thanks again
 
Coolio. I was just checking.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 