RE: How to Open Pix firewall Ports

2001-03-13 Thread Nabil Fares

It depends on the version you're using: with some versions you can only issue
the conduit commands; with the newer 5.X versions you can use both conduit and
static/access-list commands.

Let me know which version you're using.

Nabil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Muhammad Faheem
Sent: Tuesday, March 13, 2001 12:57 PM
To: cisco@groupstudy. com (E-mail)
Subject: How to Open Pix firewall Ports


Hi Guys

I want to open ports 3050 and 3051 on a Pix firewall. I would appreciate it if
anybody could guide me on how to get this done or what command I should check.

Regards
Muhammad Faheem
Systems Engineer
Afcomp
Hello : (9714)-3933878 / 3027338
Fax   : (9714)-3933832
Web  : www.afcomp.com

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Re: How to Open Pix firewall Ports

2001-03-13 Thread Allen May

Well, you can use the STATIC and CONDUIT commands to do it and open ports
with the conduit statement.  However, these will be replaced with ACL
statements in a near future version.  If you have a manual, see if you can
figure it out from there.  If not, I can help you offline and send the final
result back to the list.

----- Original Message -----
From: "Muhammad Faheem" [EMAIL PROTECTED]
To: "cisco@groupstudy. com (E-mail)" [EMAIL PROTECTED]
Sent: Tuesday, March 13, 2001 11:56 AM
Subject: How to Open Pix firewall Ports


 Hi Guys

 I want to open ports 3050 and 3051 on a Pix firewall. I would appreciate it if
 anybody could guide me on how to get this done or what command I should check.

 Regards
 Muhammad Faheem
 Systems Engineer
 Afcomp
 Hello : (9714)-3933878 / 3027338
 Fax   : (9714)-3933832
 Web  : www.afcomp.com




Re: How to Open Pix firewall Ports

2001-03-13 Thread Darren Crawford


If you are opening the ports to "outside" entities you'll need to create
conduits.  They would look something like this:

conduit permit udp host 1.1.1.1 eq 3050 any
conduit permit tcp host 1.1.1.1 eq 3050 any

conduit permit udp host 1.1.1.1 eq 3051 any
conduit permit tcp host 1.1.1.1 eq 3051 any

HTH

Darren

At 09:56 PM 03/13/2001 +0400, Muhammad Faheem wrote:
Hi Guys

I want to open ports 3050 and 3051 on a Pix firewall. I would appreciate it if
anybody could guide me on how to get this done or what command I should check.

Regards
Muhammad Faheem
Systems Engineer
Afcomp
Hello : (9714)-3933878 / 3027338
Fax   : (9714)-3933832
Web  : www.afcomp.com


Darren S. Crawford
Lucent Technologies Worldwide Services
2377 Gold Meadow Way        Phone: (916) 859-5200 x310
Suite 230                   Fax: (916) 859-5201
Sacramento, CA 95670        Pager: (800) 467-1467
Email: [EMAIL PROTECTED]    Epager: [EMAIL PROTECTED]
http://www.lucent.com       Network Systems Consultant - CCNA




RE: How to Open Pix firewall Ports

2001-03-13 Thread Hartnell, George

Hi Muhammad,

I just put up a 515-UR, OS 5.3(1).  Quoth the manual, "Cisco recommends that
you do not use the access-list command with the conduit and outbound
commands."  There are some evaluation sequence issues.

That said, from configuration mode:
access-list acl_out permit tcp any any eq 3050
access-list acl_out permit udp any any eq 3050
similar entries for port 3051
access-group acl_out in interface outside

Like many computer things, there are other ways around the barn, and other
flavors of the command to do the same, or similar things.  For instance
'any' can be substituted with a 'host ipaddress' for a single permit or a
'ipaddress netmask' combination for a range of permitted systems to access
those ports.  'udp' and 'tcp' can be covered by 'ip', which also covers icmp
packets.

While I haven't used this command, 'range' could be used as the operator
rather than 'eq'. According to the manual, thusly:

access-list acl_out permit ip any any range 3050 3051

That should/could drop your configuration file line count down a bit.  My
configuration file is leaning towards the enormous.  Small price, though,
for a secure site.

Best, G.
Bellingham, Washington

-----Original Message-----
From: Darren Crawford [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 13, 2001 11:06 AM
To: Muhammad Faheem; cisco@groupstudy. com (E-mail)
Subject: Re: How to Open Pix firewall Ports



If you are opening the ports to "outside" entities you'll need to create
conduits.  They would look something like this:

conduit permit udp host 1.1.1.1 eq 3050 any
conduit permit tcp host 1.1.1.1 eq 3050 any

conduit permit udp host 1.1.1.1 eq 3051 any
conduit permit tcp host 1.1.1.1 eq 3051 any

HTH

Darren

At 09:56 PM 03/13/2001 +0400, Muhammad Faheem wrote:
Hi Guys

I want to open ports 3050 and 3051 on a Pix firewall. I would appreciate it if
anybody could guide me on how to get this done or what command I should check.

Regards
Muhammad Faheem
Systems Engineer
Afcomp
Hello : (9714)-3933878 / 3027338
Fax   : (9714)-3933832
Web  : www.afcomp.com


Darren S. Crawford
Lucent Technologies Worldwide Services
2377 Gold Meadow Way        Phone: (916) 859-5200 x310
Suite 230                   Fax: (916) 859-5201
Sacramento, CA 95670        Pager: (800) 467-1467
Email: [EMAIL PROTECTED]    Epager: [EMAIL PROTECTED]
http://www.lucent.com       Network Systems Consultant - CCNA
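
Added example, not part of any poster's message or of Cisco's tooling: a small Python sketch that rewrites the thread's conduit lines as access-list entries (the two forms order source and destination differently) and flags permit entries that leave both ends as 'any'. The function names and the default ACL name acl_out are assumptions, and only the syntax forms quoted in this thread are handled.

```python
# Added example: PIX "conduit" lines put the protected (global) address and
# its port first and the outside (foreign) source second; access-list lines
# put the source first. Only the syntax forms used in the thread are handled.
PORT_OPS = ("eq", "lt", "gt", "neq")

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A MASK'; return (spec, remaining)."""
    if tok and tok[0] == "any":
        return "any", tok[1:]
    if len(tok) >= 2:
        return " ".join(tok[:2]), tok[2:]
    raise ValueError("address expected")

def _take_port(tok):
    """Consume an optional 'eq P' or 'range P1 P2'; return (spec, remaining)."""
    if tok and tok[0] in PORT_OPS:
        return " ".join(tok[:2]), tok[2:]
    if tok and tok[0] == "range":
        return " ".join(tok[:3]), tok[3:]
    return "", tok

def conduit_to_acl(line, acl_name="acl_out"):
    """Rewrite one conduit line as the equivalent access-list entry."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "conduit":
        raise ValueError("not a conduit line: " + line)
    action, proto, rest = tok[1], tok[2], tok[3:]
    dst, rest = _take_addr(rest)      # global address = destination
    dport, rest = _take_port(rest)
    src, rest = _take_addr(rest)      # foreign address = source
    sport, rest = _take_port(rest)
    parts = ["access-list", acl_name, action, proto, src, sport, dst, dport]
    return " ".join(p for p in parts if p)

def permits_any_to_any(acl_line):
    """True if a permit entry leaves both source and destination as 'any'."""
    tok = acl_line.split()
    action, rest = tok[2], tok[4:]
    src, rest = _take_addr(rest)
    _, rest = _take_port(rest)
    dst, _ = _take_addr(rest)
    return action == "permit" and src == "any" and dst == "any"

# Sample lines copied from the thread.
CONDUITS = ["conduit permit udp host 1.1.1.1 eq 3050 any",
            "conduit permit tcp host 1.1.1.1 eq 3050 any"]
THREAD_ACL = "access-list acl_out permit tcp any any eq 3050"

if __name__ == "__main__":
    for c in CONDUITS:
        print(conduit_to_acl(c))
    print("any-to-any:", permits_any_to_any(THREAD_ACL))
```

The converted entries keep the destination pinned to host 1.1.1.1, while the any/any form from the thread is the one the check flags for review.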
