
How to set up an access list only to a specific IP?

mrmad1966 asked:
I would appreciate assistance allowing a specific range of ports, 14000 to 14005, through my PIX 506e, but only to a specific IP address. Currently, I have set up the port range in my ISP router's config, forwarding them to the outside interface IP of the PIX. Very much a noob, so not even confident that this is the correct first step.

Author commented:
Would this syntax be correct, please?

access-list inside permit tcp any any range 12000 12002
access-list allow_VU remark **** Enabled for VU ****
access-list allow_VU permit tcp any interface outside range 14000 14002
access-list allow_VU permit udp any interface outside range 14000 14002

static (inside,outside) tcp interface 14000-14002 192.168.1.19 14000-14002 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14000-14002 192.168.1.19 14000-14002 netmask 255.255.255.255 0 0

access-group allow_VU in interface outside
Ernie Beek (Senior infrastructure engineer, Top Expert 2012) commented:
I think you need the statics on a per-port basis:
static (inside,outside) tcp interface 14000 192.168.1.19 14000 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 14001 192.168.1.19 14001 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 14002 192.168.1.19 14002 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14000 192.168.1.19 14000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14001 192.168.1.19 14001 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14002 192.168.1.19 14002 netmask 255.255.255.255 0 0


Not sure why "access-list inside permit tcp any any range 12000 12002" is there. Remember that ACLs are terminated by an implicit 'deny all', so I would first try without this inside ACL.

Oh, if you want to allow only a specific host, use an ACL like:

access-list allow_VU remark **** Enabled for VU ****
access-list allow_VU permit tcp host 1.2.3.4 interface outside range 14000 14002
access-list allow_VU permit udp host 1.2.3.4 interface outside range 14000 14002


Where 1.2.3.4 is the public address of the host you want to grant access to.
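To see how the "host" restriction and the implicit deny-all interact, here is a small evaluator for the ACL syntax used in this thread. It is an added example, not configuration from the thread or a Cisco tool; it only understands the "permit PROTO any|host X interface outside range|eq ..." form shown above, and 1.2.3.4 is the same placeholder public address used in the answer.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Ace:
    proto: str                       # "tcp" or "udp"
    src: ipaddress.IPv4Network       # "any" is stored as 0.0.0.0/0
    port_lo: int
    port_hi: int


def parse_acl(lines):
    """Parse the PIX 'access-list NAME permit ...' lines used in this thread.
    Remark lines are skipped; unsupported syntax raises rather than being silently ignored."""
    aces = []
    for line in lines:
        tok = line.split()
        if len(tok) < 8 or tok[0] != "access-list" or tok[2] != "permit":
            continue                                  # remark line or something we do not model
        proto = tok[3]
        if tok[4] == "any":
            src, rest = ipaddress.ip_network("0.0.0.0/0"), tok[5:]
        elif tok[4] == "host":
            src, rest = ipaddress.ip_network(tok[5] + "/32"), tok[6:]
        else:
            raise ValueError(f"unsupported source in: {line}")
        if rest[:2] != ["interface", "outside"]:      # destination = the outside interface address
            raise ValueError(f"unsupported destination in: {line}")
        if rest[2] == "range":
            lo, hi = int(rest[3]), int(rest[4])
        elif rest[2] == "eq":
            lo = hi = int(rest[3])
        else:
            raise ValueError(f"unsupported port spec in: {line}")
        aces.append(Ace(proto, src, lo, hi))
    return aces


def permitted(aces, proto, src_ip, dport):
    """A packet is allowed if any ACE matches; with no match the implicit 'deny all' applies."""
    ip = ipaddress.ip_address(src_ip)
    return any(a.proto == proto and ip in a.src and a.port_lo <= dport <= a.port_hi for a in aces)


# Constructed sample: the host-restricted ACL from the answer above.
ALLOW_VU = parse_acl("""
access-list allow_VU remark **** Enabled for VU ****
access-list allow_VU permit tcp host 1.2.3.4 interface outside range 14000 14002
access-list allow_VU permit udp host 1.2.3.4 interface outside range 14000 14002
""".strip().splitlines())

if __name__ == "__main__":
    for pkt in [("tcp", "1.2.3.4", 14001), ("tcp", "5.6.7.8", 14001), ("tcp", "1.2.3.4", 14003)]:
        print(pkt, "permit" if permitted(ALLOW_VU, *pkt) else "deny (implicit deny all)")
```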

Author commented:
Thank you, will try on my return home!
Ernie Beek commented:
Ok, let me know how this works out for you.

Author commented:
Thank you
