How to open ports 5631 & 5632?

Status
Not open for further replies.

pmandra (MIS, US)
Mar 27, 2003
Hi ladies and gentlemen,
I am setting up a new PIX firewall and I need to leave ports 5631 and 5632 open to allow for PC Anywhere connections. My current configuration on the PIX firewall is as follows:

fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
logging on
no logging timestamp
no logging console
no logging monitor
no logging buffered
no logging trap
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 66.158.63.66 255.255.255.224
ip address inside 192.168.1.254 255.255.255.0
arp timeout 14400
global (outside) 1 66.158.63.67-66.158.63.79
global (outside) 1 66.158.63.80
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
no rip outside passive
no rip outside default
no rip inside passive
no rip inside default
route outside 0.0.0.0 0.0.0.0 66.158.63.65 1

Additionally, I set my one router up like this in a test environment:
interface VLAN1
ip address 192.168.1.251 255.255.255.0
no ip directed-broadcast
ip nat outside
!
ip default-gateway 192.168.1.254
ip nat inside source list 199 interface VLAN1 overload
access-list 199 dynamic Cluster-NAT permit ip any any

Please, if you could, tell me what I need to do to open ports 5631 and 5632.

THANKS!!!!!!!!!
 
pmandra, are you wanting to open these ports to all or are you planning on locking it down? In my environment, we permit PCAnywhere through the PIX, but only from specified hosts to specified hosts, for security reasons.

Let me know which way you plan and I can post some config info for you.
 
Did anyone ever reply directly to this post?

I am needing to configure the identical solution, with a defined (single) outside user.

 
**Note: don't post public IPs!!!

1st__ Globals
>global (outside) 1 66.158.63.67-66.158.63.79
>global (outside) 1 66.158.63.80

change to
global (outside) 1 interface
this will PAT all your outbound traffic off the eth0 IP address
(uses less PUB IP's)

2nd__ Statics
you will need a statement for each host you wish to publish

add
static (inside,outside) 1WANIP 1LANIP netmask 255.255.255.255 0 0

static (inside,outside) 2WANIP 2LANIP netmask 255.255.255.255 0 0

etc...

3rd____ ACL

access-list 100 permit tcp any host 1WANIP eq 5631
access-list 100 permit tcp any host 1WANIP eq 5632

access-list 100 permit tcp any host 2WANIP eq 5631
access-list 100 permit tcp any host 2WANIP eq 5632

access-group 100 in interface outside

this will do the trick
good luck!
______________________________________________________
 
pmandra,
I agree with Brock, except that PC Anywhere uses tcp 5631 and udp 5632. Also, I would not open these ports for any host, but as Jibbster says, only open them to the specific hosts you are expecting to allow through.
I have my Pix configured to allow PC Anywhere from a specific host to a specific host and it works well.
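
Added example, not part of any post in this thread: a small Python check that reads PIX access-list lines and flags the issues the replies raise (pcAnywhere ports permitted from any source, 5632 opened as tcp instead of udp), plus an ACL that is never bound to the outside interface. The function name, finding labels and sample addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
import re

# Ports as stated in the thread: pcAnywhere uses tcp 5631 and udp 5632.
EXPECTED_PROTO = {5631: "tcp", 5632: "udp"}
# Numeric ports plus the Cisco port-name keywords for the same ports.
PORTS = {"5631": 5631, "5632": 5632,
         "pcanywhere-data": 5631, "pcanywhere-status": 5632}

ADDR = r"(?:any|host\s+\S+|\S+\s+\S+)"   # any | host A | network mask
ACL_RE = re.compile(
    rf"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+({ADDR})\s+({ADDR})\s+eq\s+(\S+)$"
)
BIND_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+outside$")


def audit(config: str) -> list[tuple[str, str]]:
    """Return (finding, line) pairs for pcAnywhere permit rules in a PIX config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    bound = {m.group(1) for l in lines if (m := BIND_RE.match(l))}
    findings = []
    for line in lines:
        m = ACL_RE.match(line)
        port = PORTS.get(m.group(5)) if m else None
        if port is None:          # not a pcAnywhere permit rule
            continue
        acl, proto, src = m.group(1), m.group(2), m.group(3)
        if src == "any":
            findings.append(("open-to-any-source", line))
        if proto != EXPECTED_PROTO[port]:
            findings.append(("wrong-protocol", line))
        if acl not in bound:
            findings.append(("acl-not-bound-to-outside", line))
    return findings


# Constructed sample configs; all addresses are documentation ranges.
AS_POSTED = """
access-list 100 permit tcp any host 192.0.2.10 eq 5631
access-list 100 permit tcp any host 192.0.2.10 eq 5632
access-group 100 in interface outside
"""
LOCKED_DOWN = """
access-list 100 permit tcp host 198.51.100.7 host 192.0.2.10 eq 5631
access-list 100 permit udp host 198.51.100.7 host 192.0.2.10 eq 5632
access-group 100 in interface outside
"""

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("locked down", LOCKED_DOWN)):
        print(name, audit(cfg) or "no findings")
```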
 