
I need to open a port on a PIX 515.

Please can someone explain what I should be entering including the commands.

For the purposes of the explanation (so I can understand it), I've given the different elements the following IPs:

Destination IP that the workstation on my network will be contacting: XXX.XXX.XXX.XXX

The workstation on my network YYY.YYY.YYY.YYY

PIX IP: ZZZ.ZZZ.ZZZ.ZZZ

Port = PPPPP

I have logged onto the PIX via HyperTerminal.

Thanks for your help.

2 Answers

So the first thing you are going to want to do is figure out the name of the ACL attached to your inside interface. You can do this by issuing sh run access-group; you'll get output like below:

PIX# access-group outside_access_in in interface outside
PIX# access-group Wireless_access_in in interface Wireless
PIX# access-group inside_access_in in interface inside

You want the second field - that is the ACL name. So in the above example, to add an allowed port on the inside interface of my firewall I need the ACL named "inside_access_in".

To modify the ACL you would issue:

PIX# access-list inside_access_in extended permit tcp host YYY.YYY.YYY.YYY host XXX.XXX.XXX.XXX eq PPPPP
Zypher
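The full session that answer implies, from finding the ACL to saving the change, as an added example (not part of the answer above). It assumes PIX software 7.x or later (the "extended" keyword used above) and reuses the question's placeholders; the ACL name shown in the first step is taken from the answer's sample output.

```text
! 1. Find the ACL bound to the inside interface (the second field is the name).
PIX# show running-config access-group
access-group inside_access_in in interface inside

! 2. Enter configuration mode and add the permit entry. The entry is appended
!    at the end of the ACL unless you use "line N", so it must sit above any
!    broad deny entry already in the ACL or it will never be matched.
PIX# configure terminal
PIX(config)# access-list inside_access_in extended permit tcp host YYY.YYY.YYY.YYY host XXX.XXX.XXX.XXX eq PPPPP
PIX(config)# exit

! 3. Confirm the entry is present; its hit count should rise once the
!    workstation connects. Then save the running configuration.
PIX# show access-list inside_access_in
PIX# write memory
```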

You go to the console of your router (with HyperTerminal), and from there you go into "configure terminal" mode (type "conf t").

From there, you can add lines such as

access-list 10 permit tcp host x.x.x.x host y.y.y.y eq ppp

More examples are here.

If you type

show access-lists

you will see all access lists configured.

ndrix
  • write term brings up a long access list for in and out, but show access-lists only has two lines in it. How can this be? –  Sep 16 '10 at 10:05
  • Could you give an example (just make sure to mask out IP addresses). Also, make sure you're in "enable" mode. – ndrix Sep 20 '10 at 11:26
  • PIX != Router different OS different syntax – Zypher Dec 01 '10 at 18:21