I want to know which command I can use to find out which ports I have opened on my PIX 515E, and how I can open other ports on my PIX 515E. Will using the fixup command do that?


Best regards to everyone.


'show access-group' and look for 'in interface outside'. The name after the word access-group will be the name of an ACL; show the content of that ACL via 'show access-list ACLNAME'.

Once you've done that, cross-compare that to the result of 'show static'. Also do 'show nat' and look to see if there are any 'nat (INTERFACENAME) 0 access-list SOMEACLNAME'.

In order for a port to be "open", the traffic must be matched by either a 'static' command or a 'nat 0 access-list', *and* the access-list applied to the outside interface (via the access-group command) must also permit the traffic.

If you happen to have a configuration that uses obsolete commands, then 'show conduit' might also indicate some open ports.

Deducible from the above.

No. The fixup command requests special inspection of traffic, such as snooping in to fix up FTP "PORT" commands to reflect the NAT settings. The fixup command does not open any ports on its own. (However, if the fixup inspection detects from the application protocol that a port needs to be opened, it will open it automatically for the duration of the transaction, such as to automatically handle FTP data connections.)

Walter Roberson
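The rule given in the answer (a 'static' or 'nat 0 access-list' match, and a permit in the ACL bound to the outside interface) can be checked offline against a saved configuration. The Python script below is an added example, not part of the original posts: the sample configuration, ACL names and addresses are constructed, and it assumes only 'any host X eq PORT' and 'permit ip host X any' entries, comparing port tokens literally.

```python
import re

# Constructed sample in PIX 6.x syntax (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any host 203.0.113.10 eq www
access-list acl_out permit tcp any host 203.0.113.10 eq ssh
access-list acl_out permit tcp any host 203.0.113.20 eq smtp
access-list acl_out permit tcp any host 192.168.5.5 eq https
access-list acl_out deny tcp any host 203.0.113.30 eq telnet
access-list nonat permit ip host 192.168.5.5 any
access-group acl_out in interface outside
nat (inside) 0 access-list nonat
static (inside,outside) tcp 203.0.113.10 www 192.168.1.10 www netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.30 192.168.1.30 netmask 255.255.255.255 0 0
"""

OUT_ACE = re.compile(r"^access-list (\S+) (permit|deny) (tcp|udp) any host (\S+) eq (\S+)")
NONAT_ACE = re.compile(r"^access-list (\S+) permit ip host (\S+) any")
GROUP = re.compile(r"^access-group (\S+) in interface outside")
NAT0 = re.compile(r"^nat \(\S+\) 0 access-list (\S+)")
PORT_STATIC = re.compile(r"^static \(\S+,outside\) (tcp|udp) (\S+) (\S+) \S+ \S+")
HOST_STATIC = re.compile(r"^static \(\S+,outside\) (\d\S+) \S+")

def open_ports(config):
    """Return (proto, ip, port) tuples that are both translated and permitted."""
    lines = [l.strip() for l in config.splitlines()]
    outside_acl = {m.group(1) for l in lines if (m := GROUP.match(l))}
    nat0_acls = {m.group(1) for l in lines if (m := NAT0.match(l))}
    port_statics, reachable_hosts = set(), set()
    for l in lines:
        if m := PORT_STATIC.match(l):
            port_statics.add(m.groups())          # (proto, global_ip, port)
        elif m := HOST_STATIC.match(l):
            reachable_hosts.add(m.group(1))       # whole-host static
        elif (m := NONAT_ACE.match(l)) and m.group(1) in nat0_acls:
            reachable_hosts.add(m.group(2))       # exempt from NAT, real address
    decided, result = set(), []
    for l in lines:
        m = OUT_ACE.match(l)
        if not m or m.group(1) not in outside_acl:
            continue
        _, action, proto, ip, port = m.groups()
        key = (proto, ip, port)
        if key in decided:                        # first matching entry wins
            continue
        decided.add(key)
        if action == "permit" and (key in port_statics or ip in reachable_hosts):
            result.append(key)
    return result

if __name__ == "__main__":
    print(open_ports(SAMPLE_CONFIG))
```

In the sample, the ssh and smtp permits do not yield open ports because no 'static' or 'nat 0 access-list' covers them, which makes them candidates for removal from the ACL.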