Opening a Port on PIX515

Status
Not open for further replies.

life036

IS-IT--Management
Mar 29, 2005
25
US
Hi All,

I'm trying to open some ports on my PIX515 to enable iChat / AIM communication over the internet. Now, I've opened ports before using the following two commands for example:

1) access-list server_access permit tcp any host 72.*.*.* eq www
(This line to 'permit' the port)
2) static (inside,outside) tcp 72.*.*.* 255.255.255.255 0 0
(And this line to create a route for the traffic to go)

My question is, what if we don't have a static route for the traffic to go? Anyone and everyone will want to use a video chat application sooner or later, so how can I let the firewall know that the traffic on these ports can go to anyone? I've only used these commands for servers with static IPs before, so I'm a little unclear on the procedure for just opening a port to any and all traffic, no matter what its destination is.
 
You can do so only if the internal servers use different services on different ports.
An example would be if you had:
web server = 10.1.122.222
ftp server = 10.1.122.123
email server = 10.1.122.124

static (inside,outside) tcp interface 80 10.1.122.222 80 netmask 255.255.255.255
static (inside,outside) tcp interface 21 10.1.122.123 21 netmask 255.255.255.255
static (inside,outside) tcp interface 20 10.1.122.123 20 netmask 255.255.255.255
static (inside,outside) tcp interface 25 10.1.122.222 25 netmask 255.255.255.255

You can replace the word interface with any single public IP available.
 
Hi DRBK,

That looks like what I'm doing already with my servers. I have no problem opening ports in that fashion.

You see, I'm not trying to get the traffic to go to my local servers. Rather, I'm trying to open the iChat ports and let the traffic go to whatever host is requesting it. I just want to blow the port wide open, and not direct the traffic to any server at all.

You see, there is no way I can know which user/host is going to be using iChat, so pointing the traffic to a specific local host would be pointless. I just want to make it like there is no firewall, for a select few ports.

See where I'm going with this?

Thanks,
Chris
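For reference, the following is an added configuration example (not posted by DRBK or Chris) showing the full inbound path that goes with the port-redirect statics DRBK describes: each public port is translated to exactly one inside host, and a separate access-list permits only those ports. It assumes interface names inside/outside, an ACL named outside_in, and PUBLIC_IP as a placeholder for the outside interface address.

```cisco
! Added example, not from the thread. Hosts and ports are the ones DRBK
! listed; interface names, the ACL name outside_in and PUBLIC_IP are assumed.
!
! 1) Translation. Each public port on the outside address is bound to one
!    inside host. Unsolicited inbound traffic with no matching static has
!    no inside destination, which is why a port cannot simply be "opened"
!    without naming a host. Outbound sessions started from inside do not
!    need a static; the normal nat/global pair handles them.
static (inside,outside) tcp interface 80 10.1.122.222 80 netmask 255.255.255.255
static (inside,outside) tcp interface 21 10.1.122.123 21 netmask 255.255.255.255
static (inside,outside) tcp interface 20 10.1.122.123 20 netmask 255.255.255.255
static (inside,outside) tcp interface 25 10.1.122.222 25 netmask 255.255.255.255
!
! 2) Permission. The ACL matches the public (translated) address and port,
!    not the inside host. List only the published ports; the implicit deny
!    at the end of the ACL drops everything else.
!    PUBLIC_IP is a placeholder for the outside interface address.
access-list outside_in permit tcp any host PUBLIC_IP eq 80
access-list outside_in permit tcp any host PUBLIC_IP eq 21
access-list outside_in permit tcp any host PUBLIC_IP eq 20
access-list outside_in permit tcp any host PUBLIC_IP eq 25
!
! 3) Bind the ACL inbound on the outside interface.
access-group outside_in in interface outside
!
! Check: "show xlate" lists the static translations; "show access-list
! outside_in" shows per-line hit counts so unexpected matches are visible.
```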
 