Re: opening ports on 515e
First, remove all the UDP entries from your access list since they are "connectionless" (packets are not answered).
Also, remember that outbound traffic never needs to be "allowed" once you have a global statement. The firewall is "stateful" and it knows not to block source traffic since it is predicated by its rules.
Lastly, turn off "nat-control" (pix<config>#no nat-control) temporarily.
Make those changes as well as the "extended" acl-out change and then post back the results.
Cheers