We are in the process of configuring our PIX 515e to allow remote access to Nortel i2050 Softphones.
In the process, we have to configure static entries for ports 7000,
28000-2825 5, 51000-51200 to point to the BCM phone system and then configure the outside interface to allow connectivity through ports 7000, 28000-2825 5, 51000-51200Please tell me there is a way to configure the static entries and the ACL so I dont have to have an entry for each port (total of 456 entries).
Chris
I don't know what might be do-able with PIX 7.x.
In PIX 6.3 you could use
object-group service BCM tcp-udp port-object eq 7000 port-object ragne 28000 28255 port-object ragne 51000 51200
access-list out2in permit tcp any host BCMHOSTEXTERNAL object-group BCM access-list out2in permit udp any host BCMHOSTEXTERNAL object-group BCM
access-group out2in in interface outside
access-list BCMSTATIC permit tcp host BCMHOSTINTERNAL object-group BCM any access-list BCMSTATIC permit udp host BCMHOSTINTERNAL object-group BCM any
static (inside,outside) BCMHOSTEXTERNAL access-list BCMSTATIC
Everything seems to work, except the last line static (inside,outside) interface access-list BCMSTATIC
I get an error: ERROR: cannot translate from IP protocol tcp to IP protocol ip
Any suggestions?
Chris
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.