
I need to open and map a range of UDP port 15000-15511

Status
Not open for further replies.

userice

Technical User
Oct 24, 2002
78
US
Hi,
I need to open and map a range of UDP ports (15000~15511). Is there a good way to do it without typing in access-list and static commands 551 times?
 
What OS version are you running on your PIX? How many public IP addresses do you have?
 
I also need to map 15000~15551 to 10.10.1.3. Is there a better way to do this?
 
I am running 6.3.5, and I have 5 public IPs, but I only use 1 public IP.
 
object-group service Allowed udp
port-object range 15000 15511

static (inside,outside) pub1 inside1 netmask 255.255.255.255

static (inside,outside) pub2 inside2 netmask 255.255.255.255


access-list out-in permit udp any host pub1 eq object-group Allowed

access-list out-in permit udp any host pub2 eq object-group Allowed
 
Thank you for your fast reply. When I entered those commands, I got "WARNING: mapped-address conflict with existing static". What should I do with that?
For example: WARNING: mapped-address conflict with existing static tcp from inside:10.10.1.1/80 to outside:79.x.y.z/80 netmask 255.255.255.255
 
Sorry, I guess I am getting confused. I should tell you the whole story. We have 5 IPs, but we only use 1. I have port 80 and port 443 mapped to 10.10.1.1. But I need UDP port 1065, UDP port 2178, UDP ports 15000~15551, and TCP port 8782 mapped to 10.10.1.3. When I do static (inside,outside) pub1 inside1 netmask 255.255.255.255, it causes some sort of conflict.
 
You will have to replace the statement with your actual IP addresses ... sorry for not being clear.

static (inside,outside) pub1 inside1 netmask 255.255.255.255

Assume the public IP is 100.1.1.1 and the inside IP is 10.10.1.3:

static (inside,outside) 100.1.1.1 10.10.1.3 netmask 255.255.255.255
 
I did this:
object-group service Allowed udp
port-object range 15000 15511

but when I enter this:
access-list 100 permit udp any host w.x.y.z eq object-group Allowed

it also gives me this:
Result of firewall command: "access-list 100 permit udp any host w.x.y.z eq object-group Allowed"

ERROR: invalid port object-group
Usage: [no] access-list compiled
[no] access-list deny-flow-max <n>
[no] access-list alert-interval <secs>
[no] access-list <id> object-group-search
[no] access-list <id> compiled
[no] access-list <id> [line <line-num>] remark <text>
[no] access-list <id> [line <line-num>] deny|permit
<protocol>|object-group <protocol_obj_grp_id>
<sip> <smask> | interface <if_name> | object-group <network_obj_grp_id>
[<operator> <port> [<port>] | object-group <service_obj_grp_id>]
<dip> <dmask> | interface <if_name> | object-group <network_obj_grp_id>
[<operator> <port> [<port>] | object-group <service_obj_grp_id>]
[log [disable|default] | [<level>] [interval <secs>]]
[no] access-list <id> [line <line-num>] deny|permit icmp
<sip> <smask> | interface <if_name> | object-group <network_obj_grp_id>
<dip> <dmask> | interface <if_name> | object-group <network_obj_grp_id>
[<icmp_type> | object-group <icmp_type_obj_grp_id>]
[log [disable|default] | [<level>] [interval <secs>]]
Restricted ACLs for route-map use:
[no] access-list <id> deny|permit {any | <prefix> <mask> | host <address>}
Command failed
 
Sorry, take out the eq:

access-list 100 permit udp any host w.x.y.z object-group Allowed

I should have configured it in my lab to test first.
 
Thank you so much for your help. I have another question.
I also have commands like these:

access-group 100 in interface outside
static (inside,outside) tcp interface 255.255.255.255 0 0
static (inside,outside) tcp interface 3389 10.10.1.1 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 10.10.1.2 https netmask 255.255.255.255 0 0

If I enter the following command, it will cause conflicts. What should I do?
static (inside,outside) 100.1.1.1 10.10.1.3 netmask 255.255.255.255
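Putting the thread's answers together, the following is an added example configuration (not posted by anyone in the thread) that avoids the mapped-address conflict: the existing port redirections already use the outside interface address for 80/443/3389, so a one-to-one static for 10.10.1.3 on that same address overlaps them, and it has to go on a different public address instead. 100.1.1.2 is an assumed second public IP from the block of five (it must sit in the outside interface's subnet so the PIX can proxy-ARP for it); 10.10.1.3 and the port numbers come from the thread, and the comment lines are explanatory only.

```text
! Assumed: 100.1.1.2 is an unused public IP in the outside interface's subnet.
! The existing "static (inside,outside) tcp interface ..." lines for
! 80/443/3389 stay as they are.

! One service object-group holding every UDP port 10.10.1.3 needs
object-group service Allowed udp
  port-object eq 1065
  port-object eq 2178
  port-object range 15000 15511

! One-to-one static on a separate public address. Using the interface
! address here would overlap the per-port statics above and produce
! "WARNING: mapped-address conflict with existing static".
static (inside,outside) 100.1.1.2 10.10.1.3 netmask 255.255.255.255 0 0

! Inbound rules: no "eq" in front of a service object-group
access-list 100 permit udp any host 100.1.1.2 object-group Allowed
access-list 100 permit tcp any host 100.1.1.2 eq 8782

! access-group 100 in interface outside is already applied in the thread
```

A single TCP port such as 8782 could instead stay on the interface address with its own `static (inside,outside) tcp interface 8782 10.10.1.3 8782 netmask 255.255.255.255 0 0` line, but a port static covers one port per line, so the 512-port UDP range needs the one-to-one static on its own public address.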
 