Newbie question re: PIX 501 firewall

Status
Not open for further replies.

austinringding

Technical User
Aug 28, 2003
Hi everyone, I need a little help figuring out how to add a rule to my firewall config. Our company has a PIX 501 running v6.3(3) and Cisco PIX Device Manager Version 1.1(2). Anyway, I need to open up port 5900 for remote access via VNC. If my external IP is 1.2.3.4 and the internal IP I'm trying to reach is 192.168.0.25, then what would the commands be to achieve this?

Thanks for any and all help.
 
This is what I've been trying:
access-list acl_out permit tcp any host 192.168.0.25 eq 5900
However, when I type that command, I get: Type help or '?' for a list of available commands.

What am I doing wrong?
 
You need to define a NAT and access list statement to achieve what you want. Let's assume there is an ACL resident on the outside interface called "outside"; thus your new config statements will look like this:

static (inside,outside) tcp interface 5900 192.168.0.25 5900 netmask 255.255.255.255

access-list outside permit tcp any host 1.2.3.4 eq 5900

access-group outside in interface outside
 
Hey KiscoKid, thanks for the response.
I've added those commands and they seemed to go over just fine. My question now: do I need to reboot the PIX to get them to take effect?
 
No, you don't need to reboot. In fact, if you didn't wr mem (write your config to memory/start-up config), you will lose the additional lines added to your config since your last wr mem after a reload.

UnaBomber
ccnp mcse2k
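
The steps from the replies above as one console session, added here as an example and not taken from any poster's configuration. Assumptions: the default hostname `pixfirewall`, the ACL name `outside` from the reply, and the constructed source address 203.0.113.10; lines starting with `!` are annotations, not commands to type. The "Type help or '?'" message quoted in the question is what the PIX typically prints for a command it does not accept in the current mode, so the session starts by entering configuration mode.

```cisco
! Added example; hostname, prompts and 203.0.113.10 are assumptions.
pixfirewall> enable
pixfirewall# configure terminal
! Forward TCP 5900 on the outside interface address to the inside host.
pixfirewall(config)# static (inside,outside) tcp interface 5900 192.168.0.25 5900 netmask 255.255.255.255
! Permit the traffic; the ACL matches the external address 1.2.3.4.
pixfirewall(config)# access-list outside permit tcp any host 1.2.3.4 eq 5900
! Narrower alternative to the line above (use one or the other):
! only the constructed admin address 203.0.113.10 may reach VNC.
! access-list outside permit tcp host 203.0.113.10 host 1.2.3.4 eq 5900
pixfirewall(config)# access-group outside in interface outside
pixfirewall(config)# exit
! Confirm the entries are in the running configuration.
pixfirewall# show static
pixfirewall# show access-list outside
pixfirewall# show access-group
! Save the running configuration so it survives a reload.
pixfirewall# write memory
```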
 