PIX ACL

jeffsteffy
I will be adding these ACLs into the PIX with version 7.2 from a PIX with version 6.3. My question is, will these work as is?
access-list inside_in permit tcp any any eq 80
access-group inside_in in interface inside
I have several of these; or do I need to add the 'extended' or anything else?
You'll need the 'extended' keyword:

Pix 6.3: access-list inside_in permit tcp any any eq 80
Pix 7+: access-list inside_in extended permit tcp any any eq 80

Author

Commented:
This one will work? access-group inside_in in interface inside
Commented:
Yes it will, but be aware that if that's the only line in the ACL, what you are doing is stopping everything else coming in the inside interface except port 80.

E.g. you will not be able to ftp/https or do external DNS resolution etc.

But your syntax is correct (using extended as per poster)

Author

Commented:
Yes, I have a long list and have been testing this in the lab, going to websites....
The test PIX is V6.3 and production is V7.3
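
For a long list of entries, the change given in the answer can be applied in bulk and the caveat from the comment checked at the same time. The following Python is an added example, not code from any poster in the thread: it inserts `extended` into 6.3-style entries and lists what each ACL bound by `access-group` actually permits. The sample config and the function names are constructed for illustration, and only plain `access-list NAME permit|deny` lines are rewritten.

```python
import re

# Constructed sample: the first and last lines are from the question,
# the rest are made up to exercise the converter.
SAMPLE_63 = """\
access-list inside_in permit tcp any any eq 80
access-list inside_in remark web only
access-list dmz_in deny ip any any
access-list inside_in extended permit tcp any any eq 443
access-group inside_in in interface inside
"""

# 6.3-style entry: the ACL name is followed directly by permit or deny.
ACE_63 = re.compile(r"^(\s*access-list\s+\S+\s+)(permit|deny)\b(.*)$")


def convert_line(line):
    """Insert 'extended' after the ACL name; leave every other line untouched."""
    m = ACE_63.match(line)
    if m:
        return f"{m.group(1)}extended {m.group(2)}{m.group(3)}"
    return line


def convert_config(text):
    """Convert every line of a config fragment."""
    return "\n".join(convert_line(l) for l in text.splitlines())


def applied_permits(text):
    """For each ACL bound by access-group, return its direction, interface
    and permit entries. Traffic matching none of them hits the implicit
    deny at the end of the ACL."""
    rules, bound = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and len(tok) > 3:
            body = [t for t in tok[2:] if t != "extended"]
            if body[:1] == ["permit"]:
                rules.setdefault(tok[1], []).append(" ".join(body[1:]))
        elif tok[:1] == ["access-group"] and len(tok) >= 5 and tok[3] == "interface":
            bound[tok[1]] = (tok[2], tok[4])
    return {name: {"direction": d, "interface": i, "permits": rules.get(name, [])}
            for name, (d, i) in bound.items()}


if __name__ == "__main__":
    converted = convert_config(SAMPLE_63)
    print(converted)
    print(applied_permits(converted))
```
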

