Hi Muhammad,

I just put up a 515-UR, OS 5.3(1).  Quoth the manual, "Cisco recommends that
you do not use the access-list command with the conduit and outbound
commands."  There are some evaluation sequence issues.

That said, from configuration mode:
access-list acl_out permit tcp any any eq 3050
access-list acl_out permit udp any any eq 3050
<similar entries for port 3051>
access-group acl_out in interface outside

Like many computer things, there are other ways around the barn, and other
flavors of the command to do the same, or similar things.  For instance
'any' can be substituted with a 'host ipaddress' for a single permit or a
'ipaddress netmask' combination for a range of permitted systems to access
those ports.  'udp' and 'tcp' can be covered by 'ip', which also covers icmp
packets.

While I haven't used this command, 'range' could be used as the operator
rather than 'eq'. According to the manual, thusly:

access-list acl_out permit ip any any range 3050 3051

That should/could drop your configuration file line count down a bit.  My
configuration file is leaning towards the enormous.  Small price, though,
for a secure site.

Best, G.
Bellingham, Washington

-----Original Message-----
From: Darren Crawford [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 13, 2001 11:06 AM
To: Muhammad Faheem; cisco@groupstudy.com (E-mail)
Subject: Re: How to Open Pix firewall Ports



If you are opening the ports to "outside" entities you'll need to create
conduits.  They would look something like this:

conduit permit udp host 1.1.1.1 eq 3050 any
conduit permit tcp host 1.1.1.1 eq 3050 any

conduit permit udp host 1.1.1.1 eq 3051 any
conduit permit tcp host 1.1.1.1 eq 3051 any

HTH

Darren

At 09:56 PM 03/13/2001 +0400, Muhammad Faheem wrote:
>Hi Guys
>
>I want to open ports 3050 and 3051 on the PIX firewall. I would appreciate it if
>anybody could guide me on how to get this done or which command I should check.
>
>Regards
>Muhammad Faheem
>Systems Engineer
>Afcomp
>Hello : (9714)-3933878 / 3027338
>Fax   : (9714)-3933832
>Web  : www.afcomp.com
>
>_________________________________
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] 

Darren S. Crawford
Lucent Technologies Worldwide Services 
2377 Gold Meadow Way            Phone: (916) 859-5200 x310 
Suite 230                               Fax: (916) 859-5201 
Sacramento, CA 95670            Pager: (800) 467-1467 
Email: [EMAIL PROTECTED]     Epager: [EMAIL PROTECTED] 
http://www.lucent.com           Network Systems Consultant - CCNA
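
Added example, not part of the thread and not written by either poster: a small Python check that reads a PIX configuration and reports (a) whether it mixes access-group-bound access-lists with conduit/outbound commands, the combination the manual quoted above advises against, and (b) which permit lines accept traffic from 'any' source. The function names and the 192.0.2.10 address are constructed for illustration; the parsing assumes the access-list form "source destination" and the conduit form "global address, optional port, foreign (source) address".

```python
# Constructed sample: the thread's access-list and conduit lines combined
# into one configuration (1.1.1.1 is the thread's placeholder address,
# 192.0.2.10 is a made-up documentation address).
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any any eq 3050
access-list acl_out permit udp any any eq 3050
access-list acl_out permit tcp host 192.0.2.10 any eq 3051
access-group acl_out in interface outside
conduit permit tcp host 1.1.1.1 eq 3050 any
"""

def parse_address(tokens):
    """Consume 'any', 'host A' or 'A MASK'; return (address text, rest)."""
    if not tokens:
        return "", []
    if tokens[0] == "any":
        return "any", tokens[1:]
    return " ".join(tokens[:2]), tokens[2:]

def audit(config):
    """Return (mixed, open_rules).

    mixed      -- True when access-group-bound ACLs and conduit/outbound
                  commands appear in the same configuration.
    open_rules -- permit lines whose source address is 'any'.
    """
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    bound = {l.split()[1] for l in lines if l.startswith("access-group ")}
    legacy = [l for l in lines if l.split()[0] in ("conduit", "outbound")]
    open_rules = []
    for line in lines:
        t = line.split()
        if t[0] == "access-list" and len(t) > 4 and t[1] in bound and t[2] == "permit":
            src, _ = parse_address(t[4:])       # access-list: source comes first
        elif t[0] == "conduit" and len(t) > 3 and t[1] == "permit":
            _, rest = parse_address(t[3:])      # conduit: global address first
            if rest and rest[0] in ("eq", "lt", "gt", "neq"):
                rest = rest[2:]                 # skip operator and one port
            elif rest and rest[0] == "range":
                rest = rest[3:]                 # skip 'range' and two ports
            src, _ = parse_address(rest)        # then the foreign (source) side
        else:
            continue
        if src == "any":
            open_rules.append(line)
    return bool(bound and legacy), open_rules
```

Run audit() over the text of a saved configuration; an access-list that is not bound with access-group is ignored because it does not filter traffic.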
