
Pls help open port 5080 (outbound) on Cisco PIX 525

Status
Not open for further replies.

gau17

IS-IT--Management
Mar 11, 2004
Hello,

I need help opening port 5080 (outbound only) on a Cisco pix 525.

Thank you in advance
 
The port is open by default, unless you blocked the port with an access-list then it is still open.
 
Is there a way I can verify it's open?
 
Use netcat or portqry for Windows and test through to an external server that you know the port is listening on.



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Thanks Brent,

Just in case it is not open, could you or someone please tell me how I would open it, and let a specific IP address on my LAN initiate outbound traffic on that port?



 
You can post your config - take out the passwords and mask the middle two octets of the public IP. Someone here should be able to confirm or let you know what changes need to be made.



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Here is my config:

: Written by enable_15 at 13:20:15.479 UTC Tue May 3 2005
PIX Version 6.3(1)
interface ethernet0 10baset
interface ethernet1 100full
interface ethernet2 100basetx
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password encrypted
passwd encrypted
hostname test
domain-name rd.com
fixup protocol ftp 21
no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25

access-list acl_vpn permit ip 192.168.2.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list acl_vpn permit ip 192.168.3.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list acl_vpn permit ip 192.168.4.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list acl_vpn permit ip 192.168.2.0 255.255.255.0 172.16.0.0 255.255.255.0
access-list acl_vpn permit ip 192.168.3.0 255.255.255.0 172.16.0.0 255.255.255.0
access-list acl_vpn permit ip 192.168.4.0 255.255.255.0 172.16.0.0 255.255.255.0
access-list acl_vpn permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list acl_vpn permit ip host 192.168.1.3 x.x.19.0 255.255.255.0
access-list acl_vpn permit ip host 192.168.1.3 host 64.x.0.x
access-list acl_vpn permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list acl_vpn permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list acl_vpn permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq ftp
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq pop3
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq aol
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq 5191
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq 5192
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq 5193
access-list acl_in permit tcp host 192.168.1.130 any eq smtp
access-list acl_in permit ip host 192.168.1.3 any
access-list acl_in permit tcp host 192.168.1.130 any eq ssh
access-list acl_in permit tcp host 192.168.1.130 any eq 3389
access-list acl_in permit tcp host 192.168.1.130 any eq telnet
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 x.x.x.0 255.255.255.0 eq 6869
access-list acl_in permit tcp 192.168.4.0 255.255.255.0 206.x.x.0 255.255.255.0 eq 6869
access-list acl_in permit icmp 192.168.1.0 255.255.255.0 172.x.0.0 255.255.255.0
access-list acl_in permit icmp 192.168.1.0 255.255.255.0 172.x.1.0 255.255.255.0
access-list acl_in permit icmp host 192.168.1.3 172.x.x.0 255.255.255.0
access-list acl_in permit udp 192.168.1.0 255.255.255.0 host 204.70.127.127 eq domain
access-list acl_in permit udp 192.168.1.0 255.255.255.0 host 204.x.x.128 eq domain
access-list acl_in permit udp host 192.168.1.130 host 4.2.2.2 eq domain
access-list acl_in permit ip host 192.168.1.254 any
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq 1365
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq ldap
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq 522
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq 1503
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq h323
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq 1731
access-list acl_in permit icmp 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list acl_in permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list acl_in permit tcp host 192.168.1.x any eq pcanywhere-data
access-list acl_in permit tcp host 192.168.1.x any eq 3389
access-list acl_in permit ip 192.168.1.0 255.255.255.0 172.x.x.0 255.255.255.0
access-list acl_in permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list acl_in permit ip host 192.168.1.235 any
access-list acl_in permit udp 192.168.1.0 255.255.255.0 any eq domain
access-list acl_in permit ip host 192.168.1.15 any
access-list acl_in permit ip host 192.168.1.16 any
access-list acl_in permit ip host 192.168.1.130 any
access-list acl_vendor permit ip host 192.168.1.3 host 64.x.x.x
access-list acl_wilshire permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list acl_wilshire permit ip host 192.168.1.22 host 64.x.x.x
access-list acl_crlny permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list acl_crlny permit ip host 192.168.1.22 host 69.x.x.x
access-list acl_ny permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list acl_ny permit ip host 64.x.x.x 192.168.2.0 255.255.255.0
access-list acl_ny permit ip 192.168.1.0 255.255.255.0 host 209.x.x.x
access-list acl_ny permit ip host 192.168.1.22 host 209.x.x.x
access-list acl_vendor3 permit ip host 192.168.1.3 host 63.x.x.100
pager lines 24
logging on
logging console critical
logging monitor debugging
logging buffered debugging
logging trap debugging
logging facility 7
logging queue 2048
logging host inside 192.168.1.22
no logging message 400011
no logging message 111008
no logging message 111007
icmp permit 64.x.x.0 255.255.255.0 echo outside
icmp permit 24.x.x.0 255.255.255.0 outside
icmp deny any outside
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 64.x.x.x 255.255.255.240
ip address inside 192.168.1.1 255.255.255.0
ip address dmz 10.1.1.1 255.255.255.0
ip audit name ingress_info info action alarm
ip audit name ingress_attack attack action alarm drop reset
ip audit name egress_info info action alarm
ip audit name egress_attack attack action alarm drop reset
ip audit interface outside ingress_info
ip audit interface outside ingress_attack
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn_pool_admin 172.16.1.1-172.16.1.10
ip local pool vpn_pool_user 172.16.10.1-172.16.10.10
ip local pool vpn_pool_root 172.16.0.1-172.16.0.5
ip local pool vpn_pool_sales 172.16.19.1-172.16.19.5
pdm history enable
arp timeout 14400
global (outside) 1 64.x.x.x
nat (inside) 0 access-list acl_vpn
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 64.x.x.x 192.168.1.3 netmask 255.255.255.255 0 0
static (inside,outside) 64.x.x.x 192.168.1.235 netmask 255.255.255.255 0 0
static (inside,outside) 64.x.x.x 192.168.1.16 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
route outside 0.0.0.0 0.0.0.0 64.x.x.x 1
route inside 192.168.4.0 255.255.255.0 192.168.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
url-server (inside) vendor websense host 192.168.1.22 timeout 5 protocol TCP version 1
url-cache src_dst 128KB
filter url http 192.168.1.0 255.255.255.0 0.0.0.0 0.0.0.0 allow
filter url 21 192.168.1.0 255.255.255.0 0.0.0.0 0.0.0.0 allow
http server enable
http 24.x.56.0 255.255.255.0 outside
http 192.168.1.254 255.255.255.255 inside
http 192.168.1.130 255.255.255.255 inside
http 192.168.1.15 255.255.255.255 inside
http 192.168.1.22 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set set_high esp-3des esp-sha-hmac
crypto ipsec transform-set set_med esp-3des esp-md5-hmac
crypto dynamic-map dynamic_vpn 1 set transform-set set_med
crypto map vpn_map 3 ipsec-isakmp
crypto map vpn_map 3 match address acl_crlny
crypto map vpn_map 3 set peer 69.x.x.155
crypto map vpn_map 3 set transform-set set_med
crypto map vpn_map 4 ipsec-isakmp
crypto map vpn_map 4 match address acl_wilshire
crypto map vpn_map 4 set peer 64.60.91.30
crypto map vpn_map 7 match address acl_ny
crypto map vpn_map 7 set peer 209.x.x.85
crypto map vpn_map 7 set transform-set set_med
crypto map vpn_map 8 ipsec-isakmp
crypto map vpn_map 8 match address acl_vendor3
crypto map vpn_map 8 set peer 63.x.x.100
crypto map vpn_map 8 set transform-set set_med
crypto map vpn_map 10 ipsec-isakmp dynamic dynamic_vpn
crypto map vpn_map client configuration address initiate
crypto map vpn_map client configuration address respond
crypto map vpn_map interface outside
isakmp enable outside
isakmp key ******** address 69.x.x.155 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 64.x.x.171 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 63.x.x.100 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 209.x.x.85 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 64.x.x.30 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp nat-traversal 20
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption 3des
isakmp policy 5 hash md5
isakmp policy 5 group 2
isakmp policy 5 lifetime 86400
vpngroup jpr-admin address-pool vpn_pool_admin
vpngroup jpr-admin dns-server 192.168.1.15
vpngroup jpr-admin split-tunnel acl_vpn
vpngroup jpr-admin idle-time 1800
vpngroup jpr-admin password ********
vpngroup root address-pool vpn_pool_root
vpngroup root dns-server 192.168.1.15
vpngroup root split-tunnel acl_vpn
vpngroup root idle-time 1800
vpngroup root password ********
vpngroup jpr-sales address-pool vpn_pool_sales
vpngroup jpr-sales dns-server 192.168.1.15
vpngroup jpr-sales split-tunnel acl_vpn
vpngroup jpr-sales idle-time 1800
vpngroup jpr-sales password ********
vpngroup jpr-innovative address-pool vpn_pool_vendor
vpngroup jpr-innovative dns-server 192.168.1.15
vpngroup jpr-innovative idle-time 1800
vpngroup jpr-innovative password ********
vpngroup performance3 address-pool vpn_pool_sales
vpngroup performance3 dns-server 192.168.1.15
vpngroup performance3 split-tunnel acl_vpn
vpngroup performance3 idle-time 1800
vpngroup performance3 password ********
vpngroup jpr-global address-pool vpn_pool_admin
vpngroup jpr-global dns-server 192.168.1.15
vpngroup jpr-global split-tunnel acl_vpn
vpngroup jpr-global idle-time 1800
vpngroup jpr-global password ********
telnet 192.168.1.254 255.255.255.255 inside
telnet 192.168.1.130 255.255.255.255 inside
telnet 192.168.1.22 255.255.255.255 inside
telnet timeout 30
ssh 24.199.56.0 255.255.255.0 outside
ssh 192.168.1.254 255.255.255.255 inside
ssh 192.168.1.130 255.255.255.255 inside
ssh 192.168.1.15 255.255.255.255 inside
ssh 192.168.1.22 255.255.255.255 inside
ssh timeout 60
console timeout 0
url-block url-mempool 10240
url-block url-size 4
url-block block 128
terminal width 80
Cryptochecksum:x
 
OK, so your ACL applied to the inside interface is blocking it.
You will need to add this line.

access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq 5080

That should do it.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Brent, what if I only want it for a specific internal IP address and only outbound traffic?
 
Change it to

access-list acl_in permit tcp host 192.168.1.X any eq 5080



Brent
Systems Engineer / Consultant
CCNP, CCSP
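Added example (not code from the thread or from Cisco): a small first-match evaluator for PIX 6.3 access-list lines, run over a constructed excerpt of the thread's acl_in, shows why a LAN host's new outbound TCP 5080 connection falls through to the implicit deny while 192.168.1.3 (covered by "permit ip host ... any") passes, and that the host-specific line Brent gives opens 5080 for that one address only. It assumes the list is applied with "access-group acl_in in interface inside" as in the posted config, so only the initiating direction needs an entry; the PIX's stateful inspection admits the return traffic.

```python
import ipaddress

# Constructed excerpt of the thread's inside ACL (acl_in); the real config has many more entries.
ACL_IN = """
access-list acl_in permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list acl_in permit tcp host 192.168.1.130 any eq smtp
access-list acl_in permit ip host 192.168.1.3 any
access-list acl_in permit udp 192.168.1.0 255.255.255.0 any eq domain
"""
# Only the service names this excerpt uses; the PIX knows many more.
NAMED_PORTS = {"https": 443, "smtp": 25, "domain": 53, "ftp": 21, "ssh": 22}

def _addr(tok, i):
    """Parse a PIX address at tok[i]: 'any', 'host A' or 'A MASK'; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}", strict=False), i + 2

def parse_acl(text, name):
    """Return the ACEs of access-list `name` as (action, proto, src, dst, dst_port or None)."""
    aces = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[1] != name:
            continue
        action, proto = tok[2], tok[3]
        src, i = _addr(tok, 4)
        dst, i = _addr(tok, i)
        port = None
        if i + 1 < len(tok) and tok[i] == "eq":        # only the 'eq' operator is handled here
            p = tok[i + 1]
            port = int(p) if p.isdigit() else NAMED_PORTS[p]   # KeyError for a name not in the table
        aces.append((action, proto, src, dst, port))
    return aces

def evaluate(aces, proto, src_ip, dst_ip, dst_port):
    """First match wins, as on the PIX; no match means the implicit deny at the end of the list."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, aproto, src, dst, port in aces:
        if aproto != "ip" and aproto != proto:
            continue
        if s not in src or d not in dst:
            continue
        if port is not None and port != dst_port:
            continue
        return action
    return "deny"

def outbound_allowed(acl_text, src_ip, dst_port, proto="tcp"):
    """Would a new outbound connection from src_ip to any Internet host on dst_port pass acl_in?"""
    aces = parse_acl(acl_text, "acl_in")
    return evaluate(aces, proto, src_ip, "203.0.113.10", dst_port) == "permit"  # documentation-range target
```

Appending "access-list acl_in permit tcp host 192.168.1.50 any eq 5080" to the excerpt flips the verdict for 192.168.1.50 only; every other LAN host still gets the implicit deny on 5080.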
 