OPENED PORTS IN PIX 515E

Discussion in 'Cisco' started by AVO_CCNA, Jun 23, 2006.

  1. AVO_CCNA

    AVO_CCNA Guest

    Regards.

    I want to know which command I can use to know which ports I had opened
    in my PIX 515E.
    And to know how I can open other ports in my PIX 515E.
    Will using the fixup command do that?

    Thanks.

    Best Regards to everyone.
     
    AVO_CCNA, Jun 23, 2006
    #1

  2. In article <>,
    AVO_CCNA <> wrote:

    >I want to know which command I can use to know which ports I had opened
    >in my PIX 515E.


    'show access-group' and look for 'in interface outside'. The
    name after the word access-group will be the name of an ACL; show
    the content of that ACL via 'show access-list ACLNAME'.

    Once you've done that, cross-compare that to the result of 'show static'.
    Also do 'show nat' and look to see if there are any
        nat (INTERFACENAME) 0 access-list SOMEACLNAME

    In order for a port to be "open", the traffic must be matched by
    either a 'static' command or a 'nat 0 access-list', *and* the
    access-list applied to the outside interface (via the access-group
    command) must also permit the traffic.

    If you happen to have a configuration that uses obsolete commands,
    then 'show conduit' might also indicate some open ports.


    >And to know how I can open other ports in my PIX 515E.


    Deducible from the above.


    >Will using the fixup command do that?


    No. The fixup command requests special inspection of traffic,
    such as snooping in to fix up FTP "PORT" commands to reflect the NAT
    settings. The fixup command does not open any ports on its own.
    (However, if the fixup inspection detects from the application
    protocol that a port needs to be opened, it will open it automatically
    for the duration of the transaction, such as to automatically
    handle FTP data connections.)
     
    Walter Roberson, Jun 23, 2006
    #2
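
The cross-check described in the reply above, as an added example that is not part of the original thread: it reads a saved configuration, finds the ACL bound inbound on the outside interface, and compares its permit entries with the 'static' translations. The sample configuration, ACL names and addresses are constructed; only 'permit ... any host IP eq PORT' entries and 'static' lines are handled, and 'nat 0 access-list' and 'conduit' are left out.

```python
import re

# Constructed sample in PIX 6.x syntax; ACL names and addresses are made up.
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any host 203.0.113.10 eq www
access-list acl_out permit tcp any host 203.0.113.11 eq smtp
access-list acl_out permit tcp any host 203.0.113.12 eq 22
access-list acl_out deny ip any any
access-list acl_dmz permit tcp any host 203.0.113.10 eq 3389
static (inside,outside) tcp 203.0.113.10 www 10.0.0.5 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.10 ftp 10.0.0.5 ftp netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.11 10.0.0.6 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group acl_dmz in interface dmz
"""

def audit_open_ports(config, iface="outside"):
    """Cross-check the ACL bound inbound on iface against static translations."""
    lines = [l.strip() for l in config.splitlines()]
    ifc = re.escape(iface)
    # Step 1: which ACL does access-group bind inbound on this interface?
    acl = next((m.group(1) for l in lines
                if (m := re.match(rf"access-group (\S+) in interface {ifc}$", l))), None)
    if acl is None:
        return {"open": [], "no_translation": [], "not_permitted": []}
    # Step 2: permit entries of that ACL as (protocol, global IP, port) tuples.
    pat = rf"access-list {re.escape(acl)} permit (tcp|udp) any host (\S+) eq (\S+)$"
    permits = {m.groups() for l in lines if (m := re.match(pat, l))}
    # Step 3: statics whose global side is on iface, per-port and whole-host.
    port_statics, host_statics = set(), set()
    for l in lines:
        if (m := re.match(rf"static \(\w+,{ifc}\) (tcp|udp) (\S+) (\S+) ", l)):
            port_statics.add(m.groups())
        elif (m := re.match(rf"static \(\w+,{ifc}\) (\S+) ", l)):
            host_statics.add(m.group(1))
    translated = lambda p: p in port_statics or p[1] in host_statics
    return {
        "open": sorted(p for p in permits if translated(p)),            # both conditions met
        "no_translation": sorted(p for p in permits if not translated(p)),
        "not_permitted": sorted(port_statics - permits),                # static without permit
    }

if __name__ == "__main__":
    for state, entries in audit_open_ports(SAMPLE_CONFIG).items():
        for proto, ip, port in entries:
            print(f"{state:15} {proto} {ip} {port}")
```

Entries under no_translation and not_permitted are not reachable from outside, but they are worth reviewing as stale configuration that a later change could expose.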