Cisco PIX 506

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Hi,

I am working with a Cisco PIX 506 firewall with version 5.1 software.
I have the manual and have been scouring it looking for the answers to
my problem, however the manual is quite large and the information is
vague at best.

While I am no expert by any means with firewalls, I did take a course
in Cisco routers. I am attempting to set up a barracuda spam filter
and have to enable some ports. Some ports are enabled by default
others of course are not.

I have tried the fixup command for what are considered standard ports,
but I get an error message stating unknown protocol.

Is anyone out there familiar with the proper commands to make the
ports accessible?

For example I need to open port 53 for DNS and 123 for NTP. Do I use
the conduit command?

Any help with this question would be greatly appreciated.

Best regards,
Don Beaulieu

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

I have the Barracuda. Nice. Did you try asking them for help?

"dbeaulieu" <cyberstitious@hotmail.com> wrote in message
news:1aab0d40.0404050820.4e24cf9@posting.google.com...
> Hi,
>
> I am working with a Cisco PIX 506 firewall with version 5.1 software.
> I have the manual and have been scouring it looking for the answers to
> my problem, however the manual is quite large and the information is
> vague at best.
>
> While I am no expert by any means with firewalls, I did take a course
> in Cisco routers. I am attempting to set up a barracuda spam filter
> and have to enable some ports. Some ports are enabled by default
> others of course are not.
>
> I have tried the fixup command for what are considered standard ports,
> but I get an error message stating unknown protocol.
>
> Is anyone out there familiar with the proper commands to make the
> ports accessible?
>
> For example I need to open port 53 for DNS and 123 for NTP. Do I use
> the conduit command?
>
> Any help with this question would be greatly appreciated.
>
> Best regards,
> Don Beaulieu

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Don,

You are correct in that you need the Conduit command, as well as possibly a
static address map for the address of the Barracuda, which I presume is on
the inside LAN. It is probably MUCH easier for you to upgrade the PIX to
version 6 software (currently 6.3), which I think you can download without a
partner CCO login, as this supports access-lists which are almost the same
as on the routers, but with a 'normal' subnet mask, rather than the reveosed
ones on a router.

I hope this helps.

Reg


"dbeaulieu" <cyberstitious@hotmail.com> wrote in message
news:1aab0d40.0404050820.4e24cf9@posting.google.com...
> Hi,
>
> I am working with a Cisco PIX 506 firewall with version 5.1 software.
> I have the manual and have been scouring it looking for the answers to
> my problem, however the manual is quite large and the information is
> vague at best.
>
> While I am no expert by any means with firewalls, I did take a course
> in Cisco routers. I am attempting to set up a barracuda spam filter
> and have to enable some ports. Some ports are enabled by default
> others of course are not.
>
> I have tried the fixup command for what are considered standard ports,
> but I get an error message stating unknown protocol.
>
> Is anyone out there familiar with the proper commands to make the
> ports accessible?
>
> For example I need to open port 53 for DNS and 123 for NTP. Do I use
> the conduit command?
>
> Any help with this question would be greatly appreciated.
>
> Best regards,
> Don Beaulieu