Questions

Forwarding port with pix501 from outside ip

+
0 Votes
Locked

Forwarding port with pix501 from outside ip

st0neganesa
Ok, I have a VPN and am able to connect to our outside computers via PCAnywhere through the internal IP's. Now, I want to be able to connect from a computer outside our VPN. We are using a Cisco Pix501(192.168.3.1), actiontec GT701(xxx.xxx.xxx.158) for DSL modem. I have tried forwarding the port from the dsl modem to the internal ip of the computer, this unfortunately didnt work. I tried to form a static between the DSL modem and the computer (192.168.3.202) using this command:

Static(inside,outside) TCP xxx.xxx.xxx.158 5631 192.168.3.202 5631 netmask 255.255.255.255 0 0
and
Access-list acl_out permit TCP any host xxx.xxx.xxx.158 eq 5631.
Also using commands replacing TCP and 5631 with UDP 5632.

Now, none of this is working, I am wondering where I am going wrong in my train of thought. Would I need to forward ports from dsl modem to pix, then pix to computer? Am I just not getting something correct? Should I be able to simply forward ports from the dsl modem to the computer's internal IP? Or is this just completely impossible?
It's been about 4 months since I've dicked around with this network and its equipment, and any computer for that matter.

Any help as to what needs to be done, either specific or reasonably vague would be excellent!
  • +
    0 Votes

    ah

    CG IT

    Pix is a firewall. That means nothing from the outside is let in unless you tell Pix to allow it.

    I'm surprised that you would ask a question such as this and yet you use a Cisco Pix firewall solution. Pix runs on IOS and to configure it, one must know IOS. ACLs are a basic configuration anyone working with Cisco routers/firewalls first learns.

    here's a hint: inherent deny statement at the end of any ACL.

    +
    0 Votes
    ttetzloff

    This reply was not very helpful to this guy. Anyhow, hows about you cut out the sarcasm and be helpful. Isnt this what this place is for? Not everyone has time to remember cisco ios, especially with a firewall that you normally set and forget until someone comes along and needs access (usually verndors). I hope that the next time you need help, someone is as big of a jerk as you were.. think about it.

    +
    0 Votes
    Lino767

    Quick question for you, I have pix 501 that I am working on. What do I need to do on the Actiontec modem? It seems I need to make some change either on the pix or on the medem to get access to the internet. Internet works without pix. I am able to configure DNS,DHCP,static IP (Inside and outside), i am also able to ping the pix internally. This is my first time working on Cisco product, please let me know if you can help me....Thank you,

  • +
    0 Votes

    ah

    CG IT

    Pix is a firewall. That means nothing from the outside is let in unless you tell Pix to allow it.

    I'm surprised that you would ask a question such as this and yet you use a Cisco Pix firewall solution. Pix runs on IOS and to configure it, one must know IOS. ACLs are a basic configuration anyone working with Cisco routers/firewalls first learns.

    here's a hint: inherent deny statement at the end of any ACL.

    +
    0 Votes
    ttetzloff

    This reply was not very helpful to this guy. Anyhow, hows about you cut out the sarcasm and be helpful. Isnt this what this place is for? Not everyone has time to remember cisco ios, especially with a firewall that you normally set and forget until someone comes along and needs access (usually verndors). I hope that the next time you need help, someone is as big of a jerk as you were.. think about it.

    +
    0 Votes
    Lino767

    Quick question for you, I have pix 501 that I am working on. What do I need to do on the Actiontec modem? It seems I need to make some change either on the pix or on the medem to get access to the internet. Internet works without pix. I am able to configure DNS,DHCP,static IP (Inside and outside), i am also able to ping the pix internally. This is my first time working on Cisco product, please let me know if you can help me....Thank you,