I am using a PIX 515E unit (PIX 7.0(4), ASDM 5.0(4)). The system allows me to operate with no problems via the school YHGFL connection. I have been asked to open a port for a new connection using UDP port 1194 to a specific server operating SIMS. When I open this port with the following lines, my connectivity to the SIMS server via wireless connection is lost. Take out these lines and it works correctly again. Any suggestions will help me greatly.
Looking forward to any replies.
Lines input:
access-list outside_access_in extended permit udp any host xx.xxx.xx.xx eq 1194
access-list outside_access_in extended permit udp any interface outside eq 1194
static (outside,inside) udp 10.22.1.15 1194 0.0.0.0 1194 netmask 255.255.255.255
static (inside,outside) udp interface 1194 10.22.1.15 1194 netmask 255.255.255.255
xx.xxx.xx.xx = my YHGFL IP
My running config is as below:
asdm image flash:/asdm-504.bin
asdm location DCS01 255.255.255.255 inside
asdm location DCS02 255.255.255.255 inside
asdm location LearnS01 255.255.255.255 inside
asdm location PROXYS01 255.255.255.255 inside
asdm location smtp 255.255.255.255 outside
asdm location CACHEPILOT 255.255.255.255 inside
asdm location FilterS01 255.255.255.255 inside
asdm location portal 255.255.255.255 outside
asdm location MailS01 255.255.255.255 inside
asdm location RDP 255.255.255.255 outside
asdm location MediaS01 255.255.255.255 inside
asdm location FileprintS01 255.255.255.255 inside
asdm location AV_Equipment 255.255.255.255 inside
asdm location ManageS01 255.255.255.255 inside
asdm location SIMS 255.255.255.255 inside
asdm group servers inside
asdm group DNS_Servers inside
asdm history enable
: Saved
:
PIX Version 7.0(4)
!
hostname pixfirewall
domain-name chaucerschool.local
enable password Am7B5QA0CdmKIW3f encrypted
names
name xx.xxx.xx.xx smtp
name 10.22.1.2 DCS02
name 10.22.1.1 DCS01
name 10.22.1.8 PROXYS01
name 10.22.1.12 CACHEPILOT
name xx.xxx.xx.xx portal
name xx.xxx.xx.xx RDP description RDP
name 10.22.4.200 AV_Equipment description Equipment for AV Solutions
name 10.22.1.7 ManageS01
name 10.22.1.5 MailS01
name 10.22.1.3 FileprintS01
name 10.22.1.10 FilterS01
name 10.22.1.11 MediaS01
name 10.22.1.6 LearnS01
name 10.22.1.15 SIMS
!
interface Ethernet0
description Outside in of PIX
duplex full
nameif outside
security-level 0
ip address xx.xxx.xx.xx 255.255.252.0 standby xx.xxx.xx.xx
!
interface Ethernet1
duplex full
nameif inside
security-level 100
ip address 10.22.0.254 255.255.0.0 standby 10.22.0.252
!
passwd Am7B5QA0CdmKIW3f encrypted
!
time-range Always
!
boot system flash:/pix704.bin
ftp mode passive
same-security-traffic permit inter-interface
object-group network servers
network-object DCS01 255.255.255.255
network-object DCS02 255.255.255.255
network-object LearnS01 255.255.255.255
network-object PROXYS01 255.255.255.255
network-object CACHEPILOT 255.255.255.255
network-object FilterS01 255.255.255.255
object-group service Portal tcp
port-object eq www
port-object eq https
object-group service mail tcp
port-object eq telnet
port-object eq smtp
port-object eq echo
object-group service RDP tcp
description Remote Desktop
port-object range 3389 3389
object-group service Nimbus tcp
description Nimbus
port-object range 48000 48020
object-group service AV_EquipmentTCP tcp
description TCP Ports for AV equipment (3230-3235,1719-1720,1503)
port-object range 3230 3235
port-object range 1503 1503
port-object range 1719 h323
object-group service AV_EquipmentUDP udp
description UDP ports for AV equipment (3230 -3235)
port-object range 3230 3235
object-group service webaccess tcp-udp
port-object eq www
port-object eq domain
object-group network DNS_Servers
network-object DCS01 255.255.255.255
network-object DCS02 255.255.255.255
access-list outside_access_in remark Portal Access rule
access-list outside_access_in extended permit tcp any host portal object-group Portal
access-list outside_access_in remark Web In
access-list outside_access_in extended permit tcp any eq eq www
access-list outside_access_in remark RDP
access-list outside_access_in remark Email In
access-list outside_access_in extended permit tcp any host smtp eq smtp
access-list outside_access_in extended permit tcp any host RDP object-group Nimbus
access-list outside_access_in remark Portal Access rule
access-list outside_access_in remark Web In
access-list outside_access_in remark RDP
access-list outside_access_in remark Email In
access-list outside_access_in remark RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp any host 10.101.72.31 eq 3389
access-list outside_access_in remark RDP manages01
access-list outside_access_in extended permit tcp any host 10.101.72.31 eq 3390
access-list outside_access_in extended permit tcp any interface outside eq 3390
access-list outside_access_in extended permit tcp any host 10.101.72.31 eq 3391
access-list outside_access_in extended permit tcp any interface outside eq 3391
pager lines 24
logging enable
logging trap alerts
logging asdm informational
logging device-id ipaddress inside
mtu outside 1500
mtu inside 1500
failover
monitor-interface outside
monitor-interface inside
asdm image flash:/asdm-504.bin
asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 0.0.0.0 0.0.0.0
static (outside,inside) tcp interface 255.255.255.255 dns
static (outside,inside) tcp FileprintS01 3389 0.0.0.0 3389 netmask 255.255.255.255 dns
static (inside,outside) tcp interface 3389 FileprintS01 3389 netmask 255.255.255.255
static (outside,inside) tcp 10.22.1.99 9999 0.0.0.0 9999 netmask 255.255.255.255 dns
static (outside,inside) tcp 10.22.5.185 3389 0.0.0.0 3396 netmask 255.255.255.255
static (outside,inside) tcp ManageS01 3389 0.0.0.0 3390 netmask 255.255.255.255
static (inside,outside) tcp interface 3390 ManageS01 3389 netmask 255.255.255.255
static (outside,inside) tcp DCS02 3389 0.0.0.0 3391 netmask 255.255.255.255
static (inside,outside) tcp interface 3391 DCS02 3389 netmask 255.255.255.255
static (inside,outside) portal PROXYS01 netmask 255.255.255.255
static (inside,outside) smtp MailS01 netmask 255.255.255.255
static (inside,outside) RDP DCS01 netmask 255.255.255.255
static (inside,outside) SIMS SIMS netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xxx.xx.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 10.22.0.0 255.255.0.0 inside
http 10.22.0.254 255.255.255.255 inside
http DCS02 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-ipsec
telnet 10.22.0.0 255.255.0.0 inside
telnet timeout 5
ssh timeout 5
ssh version 1
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:bbf4b3967fb21653c6adeec7354c1203
: end
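The running config already carries a one-to-one static for the SIMS host (static (inside,outside) SIMS SIMS netmask 255.255.255.255, where SIMS is 10.22.1.15), and the new lines add a port static for the same inside address on the same interface pair. A reviewer would check that overlap before anything else, because a one-to-one static already claims every port of that host. The script below is an added example and not part of the post: it parses the name and static lines in the format shown above and flags any inside host that is claimed by both a one-to-one static and a port static. The sample input is a constructed excerpt of the post's own lines, and treating the overlap as the cause of the lost connectivity is an assumption that the post does not confirm.

```python
import re
from collections import defaultdict

# Constructed excerpt: name definitions and (inside,outside) statics copied from
# the running config above, plus the new udp 1194 static from "Lines input".
SAMPLE_CONFIG = """\
name 10.22.1.15 SIMS
name 10.22.1.7 ManageS01
name 10.22.1.2 DCS02
name 10.22.1.3 FileprintS01
static (inside,outside) tcp interface 3389 FileprintS01 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3390 ManageS01 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3391 DCS02 3389 netmask 255.255.255.255
static (inside,outside) SIMS SIMS netmask 255.255.255.255
static (inside,outside) udp interface 1194 10.22.1.15 1194 netmask 255.255.255.255
"""

NAME_RE = re.compile(r"^name\s+(\S+)\s+(\S+)", re.IGNORECASE)

# static (real_if,mapped_if) tcp|udp MAPPED MPORT REAL RPORT netmask M   (port static)
# static (real_if,mapped_if) MAPPED REAL netmask M                        (one-to-one)
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\)\s+"
    r"(?:(?P<proto>tcp|udp)\s+(?P<mapped_p>\S+)\s+(?P<mport>\S+)\s+(?P<real_p>\S+)\s+(?P<rport>\S+)"
    r"|(?P<mapped>\S+)\s+(?P<real>\S+))\s+netmask\s+(?P<mask>\S+)",
    re.IGNORECASE,
)


def parse_statics(config_text):
    """Return (names, statics): names maps alias -> address, statics is a list of
    dicts with the real (inside) host resolved through the name table."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    names = {}
    for line in lines:                      # first pass: collect aliases
        m = NAME_RE.match(line)
        if m:
            names[m.group(2)] = m.group(1)
    statics = []
    for line in lines:                      # second pass: statics
        m = STATIC_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        port_form = d["proto"] is not None
        real = d["real_p"] if port_form else d["real"]
        mapped = d["mapped_p"] if port_form else d["mapped"]
        statics.append({
            "line": line,
            "real_if": d["real_if"].strip().lower(),
            "mapped_if": d["mapped_if"].strip().lower(),
            "proto": d["proto"].lower() if port_form else "ip",   # "ip" = all ports
            "real": names.get(real, real),
            "real_port": d["rport"],
            "mapped": names.get(mapped, mapped),
            "mapped_port": d["mport"],
        })
    return names, statics


def find_overlaps(statics):
    """Flag a real host that has both a one-to-one static and one or more port
    statics on the same interface pair; the one-to-one entry already covers
    every port, so the port static overlaps it."""
    by_host = defaultdict(list)
    for s in statics:
        by_host[(s["real_if"], s["mapped_if"], s["real"])].append(s)
    findings = []
    for (real_if, mapped_if, host), group in by_host.items():
        one_to_one = [s for s in group if s["proto"] == "ip"]
        port_statics = [s for s in group if s["proto"] != "ip"]
        if one_to_one and port_statics:
            findings.append({
                "host": host,
                "interfaces": (real_if, mapped_if),
                "one_to_one": one_to_one[0]["line"],
                "port_statics": [s["line"] for s in port_statics],
            })
    return findings


if __name__ == "__main__":
    _, statics = parse_statics(SAMPLE_CONFIG)
    for f in find_overlaps(statics):
        print(f"overlapping statics for {f['host']} on {f['interfaces']}:")
        print("  " + f["one_to_one"])
        for line in f["port_statics"]:
            print("  " + line)
```

Run against the excerpt, the only host reported is 10.22.1.15: the existing SIMS identity static and the new udp 1194 port static land on the same (inside,outside) pair. The TCP port statics for ManageS01, DCS02 and FileprintS01 are not reported because those hosts have no one-to-one static. Removing the udp line (or the identity static) clears the finding, which matches the poster's observation that taking the lines out restores connectivity.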