Quick UDP ACL question.

[octavian10]

Simple pix setup,

outside 200.200.200.1
inside 192.168.1.1

I need to permit UDP access from a public ip address off of the outside interface to the 192.168.1.0 inside network.

I am not sure why what I have tried so far has not worked.

Also, I have an internal machine with a static translation that is working with this udp application no problem,

static (inside,outside) xx.xx.xx.xx 192.168.1.244 netmask 255.255.255.0

access-list permit_udp permit udp host 200.200.200.2 host xx.xx.xx.xx
I am not sure why it works with the static translation machine an no other machine on the same network.

Thanks in advance.

"I hear and I forget. I see and I remember. I do and I understand."
- Confucius (551 BC - 479)

 

[Supergrrover]

You need to direct the traffic to a specific machine as you have done with your existing static.

You can use either the full static translation (sending all traffic to inbound to the external IP to the internal IP) or you can use PAT (where just the ports you want get forwarded.)
Then you ACL should go like

access-list permit_udp permit udp host [External_IP] any eq [Port_#]

Hope this helps.



Brent
Systems Engineer / Consultant
CCNP, CCSP