Opening ports on PIX

Status
Not open for further replies.

ntwrkrbkj

IS-IT--Management
Jun 2, 2003
58
I am setting up video conferencing on a machine in my network. I know I can do port forwarding on the router, but is there any way to open the ports I need on the PIX firewall for just one machine? Or would I have to open them for the entire network?
 
You can specify 1 address in the ACL, by using the host keyword. This way you could limit the connection to just 2 addresses.

access-list 100 permit IP host 1.2.3.4 host 192.199.99.9

where 1.2.3.4 is the user's source address, 192.199.99.9 is the outside pix address defined in your static. If you know the IP protocol (UDP/TCP) and port numbers you can improve the ACL security by including these parameters.


If your outside user is connecting via an ISP then you'll find that each time they connect they may be given a different IP address picked out of the ISP's allocated range. This makes the ACL configuration a bit more difficult. If this is a problem then you may be able to get around it by using a VPN connection; this way you can control the IP address you allocate to the VPN client.
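
An added example, not part of the original posts: a small Python check that reads PIX-style access-list permit lines and reports how far each one is from the host-to-host, protocol-and-port form described in the reply above. The function names and the simplified grammar it accepts are assumptions made for illustration, and any port number passed to it is a constructed sample value.

```python
PORT_OPS = {"eq": 2, "gt": 2, "lt": 2, "neq": 2, "range": 3}

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A MASK'."""
    if tokens and tokens[0] == "any":
        return "any", tokens[1:]
    if len(tokens) < 2:
        raise ValueError("incomplete address in ACL line")
    if tokens[0] == "host":
        return "host", tokens[2:]
    # PIX ACLs take a network and a netmask; an all-ones mask is one host.
    kind = "host" if tokens[1] == "255.255.255.255" else "network"
    return kind, tokens[2:]

def _take_ports(tokens):
    """Consume an optional port qualifier such as 'eq P' or 'range A B'."""
    if tokens and tokens[0] in PORT_OPS:
        return True, tokens[PORT_OPS[tokens[0]]:]
    return False, tokens

def audit(line):
    """Return a list of findings for one access-list line (empty = tight)."""
    tokens = line.lower().split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] != "permit":
        return []  # not a permit entry, nothing to flag
    proto = tokens[3]
    src, rest = _take_addr(tokens[4:])
    _, rest = _take_ports(rest)          # optional source-port qualifier
    dst, rest = _take_addr(rest)
    dst_ports, _ = _take_ports(rest)     # optional destination-port qualifier
    findings = []
    if src != "host":
        findings.append("source is not a single host")
    if dst != "host":
        findings.append("destination is not a single host")
    if proto == "ip":
        findings.append("protocol 'ip' permits every port")
    elif proto in ("tcp", "udp") and not dst_ports:
        findings.append("no destination port")
    return findings

if __name__ == "__main__":
    # First line is the ACL from the reply; the rest are constructed samples.
    for acl in ("access-list 100 permit IP host 1.2.3.4 host 192.199.99.9",
                "access-list 100 permit tcp host 1.2.3.4 host 192.199.99.9 eq 1720",
                "access-list 100 permit ip any any"):
        print(acl, "->", audit(acl) or "ok")
```
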
 
Ok, so basically I do the same thing on the PIX as I would on a router to open up ports? Awesome, I was betting it would be some weird command :).

I will have to open on the PIX and static map on the router though, right?
 