Jump to content

Can't download anything through new PIX 515E


Recommended Posts


I'd really like some help configuring my Cisco PIX 515E to allow uTorrent connections through.

I'm running Cisco PIX Firewall Version 6.3(5).

I know that there are no access lists or static NAT entries that reference uTorrent.

I've tried several things that I've gleaned from various websites, but nothing seems to work.

Not a whole lot of people running full-fledged PIX firewalls in their home....

I guess I'm just lucky.......DOH!

Here is the config (with certain parts eliminated):

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 intf2 security4

enable password ___________ encrypted

passwd _________ encrypted

hostname "mypix"

domain-name none









access-list 101 permit icmp any host xxxxxxx echo-reply

access-list 101 permit icmp any host xxxxxxx source-quench

access-list 101 permit icmp any host xxxxxxx unreachable

access-list 101 permit icmp any host xxxxxxx time-exceeded

pager lines 24

logging on

logging timestamp

logging console errors

logging buffered notifications

logging trap errors

logging history informational

logging facility 7

logging host inside XXX.XXX.XXX.7 6/1468

icmp deny any echo outside

mtu outside 1500

mtu inside 1500

mtu intf2 1500

ip address outside dhcp setroute

ip address inside xxx.xxx.X.1

no ip address intf2

ip audit name attack2 attack action alarm drop reset

ip audit interface outside attack2

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 512

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0 0

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute





http server enable

http xxxxxxx inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet xxxxxxx inside

telnet timeout 30

ssh timeout 5

console timeout 0

dhcpd address xxxxxxx inside

dhcpd dns xxxxxxx

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

I'm not a complete idiot......I'm just a whole lot more familiar with the VOIP side of the house.

Any help that you guys could give me would be greatly appreciated.

BTW, uTorrent worked very well before I upgraded from my WRT54G v6. The PIX is just too sexy to not use!

Thanks in advance.


Link to comment
Share on other sites

You will need to add the following lines to get this working, just select everything below as a whole and copy and paste into the PIX in priv mode:

object-group service utorrent tcp

port-object range 5960 5970


access-list OUTSIDE_AXS_IN permit tcp any gt 1024 interface outside object-group utorrent

static (inside,outside) tcp interface 5960 <your PC's IP> 5960 netmask 0 0

access-group OUTSIDE_AXS_IN in interface outside

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...