range of ports in ACL on PIX?

I need to open a range of UDP ports on a PIX with 6.3.4 OS, specifically 10050 to 11050. Is there a way to do it short of a thousand ACL lines? Thanks!

Brian

Reply to
Brian Bergin

access-list [name] permit udp [source] [destination] range 10050 11050

Reply to
mcaissie

How about the gt or lt (greater than or less than) keywords, rather than eq?

ex: access-list acl_dmz1 deny udp any host 192.168.1.2 gt 42


Reply to
Matt
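Added example, not part of any post in this thread: a short Python check of how many destination ports each operator mentioned above (range, gt, lt, eq) actually matches, measured against the 10050 to 11050 range from the question. The ACL name acl_voip and the address 192.0.2.10 are constructed, and the code assumes numeric ports in a trailing destination-port clause only.

```python
# Added example: compare what PIX ACL port operators match against the
# port range that is actually needed (10050-11050 in this thread).
# Assumptions: numeric ports only; the operator is the trailing
# destination-port clause; "neq" and source-port operators are not handled.
MAX_PORT = 65535

def port_span(acl_line):
    """Inclusive (low, high) destination-port span matched by one ACL line."""
    tok = acl_line.split()
    if len(tok) >= 3 and tok[-3] == "range":
        low, high = int(tok[-2]), int(tok[-1])
    elif len(tok) >= 2 and tok[-2] in ("eq", "gt", "lt"):
        n = int(tok[-1])
        # gt and lt are strict comparisons, so the named port is excluded.
        low, high = {"eq": (n, n), "gt": (n + 1, MAX_PORT), "lt": (0, n - 1)}[tok[-2]]
    else:
        low, high = 0, MAX_PORT  # no port clause: every port matches
    if not 0 <= low <= high <= MAX_PORT:
        raise ValueError("bad port clause: " + acl_line)
    return low, high

def audit(acl_line, need_low, need_high):
    """Return (covers_needed_range, ports_matched_outside_needed_range)."""
    low, high = port_span(acl_line)
    overlap = max(0, min(high, need_high) - max(low, need_low) + 1)
    covers = low <= need_low and high >= need_high
    return covers, (high - low + 1) - overlap

# Constructed sample lines (hypothetical ACL name and documentation address).
SAMPLES = [
    "access-list acl_voip permit udp any host 192.0.2.10 range 10050 11050",
    "access-list acl_voip permit udp any host 192.0.2.10 gt 10049",
    "access-list acl_voip permit udp any host 192.0.2.10 lt 11051",
    "access-list acl_voip permit udp any host 192.0.2.10 eq 10050",
]

if __name__ == "__main__":
    for line in SAMPLES:
        covers, excess = audit(line, 10050, 11050)
        print(f"covers={covers!s:5} extra_ports={excess:6}  {line}")
```

Only the range form covers the needed ports with nothing extra; a permit written with gt or lt also matches every port above or below the range.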

|access-list [name] permit udp [source] [destination] range 10050 11050 |

Perfect. Now for the harder question. How do I get those ports assigned to the static mapping to the VoIP device? I've gone to the trouble of creating 1,001 static (inside,outside) udp interface ##### 192.168.100.254 ##### netmask 255.255.255.255 0 0 entries but that seems a bit extreme. What I'm trying to do is get Vonage to work. If I replace the PIX with a Linksys BEFVP41 or BEFSR41 and connect the Linksys phone adapter to the other Linksys, forward those 1001 ports to the phone adapter it works perfectly, but I need the PIX for home-to-office VPN and don't want to fool with NAT-behind-NAT. Thanks!

Brian

Reply to
Brian Bergin
