Adding Applications To Be Eligible For Port Forwarding - Cisco PIX 500 Series Configuration Manual

Configuring Application Access

Adding Applications to Be Eligible for Port Forwarding

The clientless SSL VPN configuration of each security appliance supports port forwarding lists, each of
which specifies local and remote ports used by the applications for which you want to provide access.
Because each group policy or username supports only one port forwarding list, you must group each set
of applications to be supported into a list. To display the port forwarding list entries already present in
the security appliance configuration, enter the following command in privileged EXEC mode:
show run webvpn port-forward
To add a port forwarding entry to a list, enter the following command in webvpn configuration mode:
port-forward {list_name local_port remote_server remote_port description}
list_name—Name for a set of applications (technically, a set of forwarded TCP ports) for users of
clientless SSL VPN sessions to access. The security appliance creates a list using the name you enter if
it does not recognize it. Otherwise, it adds the port forwarding entry to the list. Maximum 64 characters.
local_port—Port that listens for TCP traffic for an application running on the user's computer. You can
use a local port number only once for each port forwarding list. Enter a port number in the range 1-65535
or port name. To avoid conflicts with existing services, use a port number greater than 1024.
remote_server—DNS name or IP address of the remote server for an application. We recommend using
hostnames so that you do not have to configure the client applications for specific IP addresses. If you
enter the IP address, you may enter it in either IPv4 or IPv6 format.
remote_port—Port to connect to for this application on the remote server. This is the actual port the
application uses. Enter a port number in the range 1-65535 or port name. Note that the SSL VPN session
protects only the leg between the user's browser and the security appliance; the appliance then opens an
ordinary TCP connection to remote_server on remote_port, so that inside leg is only as protected as the
application protocol itself.
description—Application name or short description that displays on the end user Port Forwarding Java
applet screen. Maximum 64 characters.
To remove an entry from a list, use the no form of the command, specifying both the list and the local
port. In this case, the remote_server, remote_port, and description arguments are optional.
no port-forward list_name local_port
The following table shows the values used for example applications.

Application      Local Port   Server DNS Name   Remote Port   Description
IMAP4S e-mail    20143        IMAP4Sserver      143           Get Mail
SMTPS e-mail     20025        SMTPSserver       25            Send Mail
DDTS over SSH    20022        DDTSserver        22            DDTS over SSH
Telnet           20023        Telnetserver      23            Telnet

The following example shows how to create a port forwarding list called SalesGroupPorts that provides
access to these applications:
hostname(config)# webvpn
hostname(config-webvpn)# port-forward SalesGroupPorts 20143 IMAP4Sserver 143 Get Mail
hostname(config-webvpn)# port-forward SalesGroupPorts 20025 SMTPSserver 25 Send Mail
hostname(config-webvpn)# port-forward SalesGroupPorts 20022 DDTSserver 22 DDTS over SSH
hostname(config-webvpn)# port-forward SalesGroupPorts 20023 Telnetserver 23 Telnet
Note: The Java applet displays in its own window on the end user HTML interface. It shows the contents
of the list of forwarded ports available to the user, as well as which ports are active, and the amount of
traffic in bytes sent and received.
Cisco Security Appliance Command Line Configuration Guide, Chapter 37 Configuring Clientless SSL VPN, page 37-32, OL-12172-03
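As an added example that is not part of the Cisco guide: a Python script that parses the output of show run webvpn port-forward, checks each list against the rules stated above (one use of a local port per list, ports in 1-65535 or a known port name, 64-character limits on list name and description, local ports above 1024) and renders the port-forward and no port-forward commands for pasting into webvpn configuration mode. The PORT_NAMES map is an assumption covering only four service names, and the SAMPLE_SHOW_RUN text is constructed, not captured from a device.

```python
"""Parse, lint and render clientless SSL VPN port-forward entries.
Added example, not code from the Cisco guide; it models the command
  port-forward list_name local_port remote_server remote_port description
and checks the constraints the guide states for its arguments."""
import re
from dataclasses import dataclass

MAX_NAME_LEN = 64   # guide: list_name and description are at most 64 characters

# Assumption: a small subset of the service names the CLI accepts in place
# of a port number; extend it for your platform.
PORT_NAMES = {"imap4": 143, "smtp": 25, "ssh": 22, "telnet": 23}

# One port-forward line; the description is the remainder and may contain spaces.
_LINE = re.compile(r"^\s*port-forward\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")

@dataclass(frozen=True)
class Entry:
    list_name: str
    local_port: str      # number or service name, exactly as entered
    remote_server: str
    remote_port: str
    description: str

def resolve_port(value):
    """Numeric port for a number or known service name, else None."""
    if value.isdigit():
        return int(value)
    return PORT_NAMES.get(value.lower())

def parse_show_run(text):
    """Group port-forward lines by list name, keeping entry order."""
    lists = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:                       # skips `webvpn` and unrelated config lines
            e = Entry(*m.groups())
            lists.setdefault(e.list_name, []).append(e)
    return lists

def lint(entries):
    """Problems the guide's rules would reject (or, for low ports, warn about)."""
    issues, seen = [], {}
    for e in entries:
        for label, text in (("list name", e.list_name), ("description", e.description)):
            if len(text) > MAX_NAME_LEN:
                issues.append(f"{label} {text!r} exceeds {MAX_NAME_LEN} characters")
        for label, raw in (("local", e.local_port), ("remote", e.remote_port)):
            port = resolve_port(raw)
            if port is None:
                issues.append(f"{label} port {raw!r} is neither a number nor a known port name")
            elif not 1 <= port <= 65535:
                issues.append(f"{label} port {raw!r} is outside 1-65535")
        local = resolve_port(e.local_port)
        if local is None:
            continue
        if local in seen:           # guide: a local port may be used once per list
            issues.append(f"local port {local} used twice in {e.list_name!r} "
                          f"({seen[local]!r} and {e.description!r})")
        else:
            seen[local] = e.description
        if local <= 1024:           # guide: use a port above 1024 to avoid conflicts
            issues.append(f"local port {local} ({e.description!r}) may conflict "
                          "with an existing service; use a port above 1024")
    return issues

def render(entries):
    """Commands that recreate the entries in webvpn configuration mode."""
    lines = ["webvpn"]
    for e in entries:
        lines.append(f" port-forward {e.list_name} {e.local_port} "
                     f"{e.remote_server} {e.remote_port} {e.description}")
    return lines

def render_removal(list_name, local_port):
    """The no form removes one entry; only the list and local port are needed."""
    return f"no port-forward {list_name} {local_port}"

# Constructed sample of `show run webvpn port-forward` output: the guide's
# SalesGroupPorts list plus a deliberately flawed list for the linter.
SAMPLE_SHOW_RUN = """\
webvpn
 port-forward SalesGroupPorts 20143 IMAP4Sserver 143 Get Mail
 port-forward SalesGroupPorts 20025 SMTPSserver 25 Send Mail
 port-forward SalesGroupPorts 20022 DDTSserver 22 DDTS over SSH
 port-forward SalesGroupPorts 20023 Telnetserver 23 Telnet
 port-forward BadPorts 23 Telnetserver telnet Telnet on a privileged local port
 port-forward BadPorts 23 OtherTelnet 23 Duplicate local port
 port-forward BadPorts 70000 Gopherserver 70 Local port out of range
"""

if __name__ == "__main__":
    lists = parse_show_run(SAMPLE_SHOW_RUN)
    for name, entries in lists.items():
        print(f"== {name}: {len(entries)} entries")
        for issue in lint(entries) or ["ok"]:
            print("  ", issue)
    print("\n".join(render(lists["SalesGroupPorts"])))
    print(render_removal("SalesGroupPorts", 20023))
```

Run it against a saved copy of the show run output before pasting a new list: the SalesGroupPorts list passes cleanly, while BadPorts reports the duplicate local port 23, the two entries on a privileged local port, and the out-of-range port 70000, which is exactly the set of mistakes the guide's parameter descriptions warn about.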