PIX501 & PC-Anywhere

- M
- myotherbox
  
  Contact options for registered users
posted
18 years ago

Thu, Feb 23, 2006 4:18 PM

I'm trying to set up my PIX to allow people to pc-anywhere in to a specific PC.

Here's what I believe to be the relevant parts from my running config:

access-list outside_access_in permit tcp any host xx.xxx.xxx.xx eq pcanywhere-data access-list outside_access_in permit udp any host xx.xxx.xxx.xx eq pcanywhere-status static (outside,inside) 192.168.1.99 xx.xxx.xxx.xx netmask

255.255.255.255 0 0 static (inside,outside) xx.xxx.xxx.xx 192.168.1.99 netmask 255.255.255.255 0 0

Where xx.xxx.xxx.xxx is one of our static IP's and 192.168.1.99 is the static inside IP for the PC I want to PC-Anywhere into.

Any idea why this isn't working? Thanks in advance!

Brett

Loading thread data ...

- M
- mcaissie
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Thu, Feb 23, 2006 4:46 PM

You only need one static command. You only want to mask the inside IP with an outside IP so you only need the static (inside,outside) command.

--Get rid of;

no static (outside,inside) 192.168.1.99 xx.xxx.xxx.xx netmask

255.255.255.255 0 0

--make sure your access-list is applied on the outside interface

access-group outside_access_in in interface outside

- M
- myotherbox
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Fri, Feb 24, 2006 3:16 PM

Thanks for your reply.

When I try to get rid of that command, I get the message:

"PDM has found that this operation will result in some security rules getting nullified. Please review your translation/security rules, before retrying this operation."

Any ideas? Thanks!

Brett

- M
- mcaissie
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Fri, Feb 24, 2006 5:37 PM

I only work with CLI so i don't know why the PDM doesn't like it.

But if you have an access-group referencing to the x.x.x.x address, maybe it't the PDM concern.

You may try to remove the access-group, before removing the static , then reapplying it

- M
- myotherbox
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Fri, Feb 24, 2006 7:19 PM

Thanks again for your reply.

I can access the pix with the CLI. I'm telneted in right now. Problem is I don't know how to make the suggested change form the CLI. Any help you or anyone could provide would be greatly appreciated!

Thanks

Brett

- N
- NETADMIN
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Fri, Feb 24, 2006 7:24 PM

PIX>

PIX>en PIX:>password PIX# PIX#config t PIX(config t)#no static (outside,inside) 192.168.1.99 xx.xxx.xxx.xx netmask

255.255.255.255 0 0 PIX(config t)#access-group outside_access_in in interface outside PIX(config t)#exit PIX#

- M
- myotherbox
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Tue, Feb 28, 2006 6:06 PM

Thank you to everyone who replied. We're up and running now.

Thanks!

Brett

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.