How to set up Access List only to a specific IP?

I would appreciate assistance allowing a specific range of ports 14000 to 14005 through my PIX 506e but only to a specific IP address. Currently, I have set up the port range in my ISP router's config, forwarding them to the outside interface IP of the PIX. Very much a noob so not even confident that this is the correct first step.
mrmad1966 Asked:

mrmad1966 (Author) Commented:
Would this syntax be correct please?

access-list inside permit tcp any any range 12000 12002
access-list allow_VU remark **** Enabled for VU ****
access-list allow_VU permit tcp any interface outside range 14000 14002
access-list allow_VU permit udp any interface outside range 14000 14002

static (inside,outside) tcp interface 14000-14002 192.168.1.19 14000-14002 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14000-14002 192.168.1.19 14000-14002 netmask 255.255.255.255 0 0

access-group allow_VU in interface outside

Ernie Beek (Expert) Commented:
I think you need the statics on a per-port basis:
static (inside,outside) tcp interface 14000 192.168.1.19 14000 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 14001 192.168.1.19 14001 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 14002 192.168.1.19 14002 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14000 192.168.1.19 14000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14001 192.168.1.19 14001 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14002 192.168.1.19 14002 netmask 255.255.255.255 0 0


Not sure why: access-list inside permit tcp any any range 12000 12002 is there. Remember that the ACLs are terminated by an implicit 'deny all' so I would first try without this inside ACL.

Oh, if you want to allow only a specific host, use an ACL like:

access-list allow_VU remark **** Enabled for VU ****
access-list allow_VU permit tcp host 1.2.3.4 interface outside range 14000 14002
access-list allow_VU permit udp host 1.2.3.4 interface outside range 14000 14002


Where 1.2.3.4 is the public address of the host you want to grant access.
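
The following check is an added example, not part of the original thread or of any Cisco tooling. It reads PIX-style config text and reports the three problems discussed above: a permit open to `any` source, a static written with a port range, and a forwarded port that no permit covers (so the implicit deny drops it). The sample configs are constructed from the lines posted in the thread, and the regexes only recognise that exact line shape (an assumption).

```python
import re

ACL = re.compile(r"^access-list (\S+) permit (tcp|udp) (any|host \S+) "
                 r"interface outside range (\d+) (\d+)$")
STATIC = re.compile(r"^static \(inside,outside\) (tcp|udp) interface (\S+) ")
GROUP = re.compile(r"^access-group (\S+) in interface outside$")

def audit(config):
    """Return sorted findings for the outside-facing forwards in a config."""
    acls, statics, bound, findings = [], [], None, []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            acls.append((m[1], m[2], m[3], int(m[4]), int(m[5])))
        elif m := STATIC.match(line):
            statics.append((m[1], m[2]))
        elif m := GROUP.match(line):
            bound = m[1]
    if bound is None:
        findings.append("no access-list is bound to the outside interface")
    active = [a for a in acls if a[0] == bound]
    for name, proto, src, lo, hi in active:
        if src == "any":  # the thread's goal is one permitted source host
            findings.append(f"{name} {proto} {lo}-{hi}: permits any source")
    for proto, port in statics:
        if not port.isdigit():  # per the expert's reply: one static per port
            findings.append(f"static {proto} {port}: port range, not one port")
        elif not any(p == proto and lo <= int(port) <= hi
                     for _, p, _, lo, hi in active):
            findings.append(f"static {proto} {port}: no permit, implicit deny")
    return sorted(findings)

# Constructed inputs built from the lines posted in the thread.
ST = "static (inside,outside) {p} interface {n} 192.168.1.19 {n} netmask 255.255.255.255 0 0"
AC = "access-list allow_VU permit {p} {src} interface outside range 14000 14002"
BIND = "access-group allow_VU in interface outside"
BEFORE = "\n".join([AC.format(p=p, src="any") for p in ("tcp", "udp")]
                   + [ST.format(p=p, n="14000-14002") for p in ("tcp", "udp")]
                   + [BIND])
AFTER = "\n".join([AC.format(p=p, src="host 1.2.3.4") for p in ("tcp", "udp")]
                  + [ST.format(p=p, n=n) for p in ("tcp", "udp")
                     for n in range(14000, 14003)]
                  + [BIND])

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg) or "no findings")
```
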

mrmad1966 (Author) Commented:
Thank you, will try on my return home!

Ernie Beek (Expert) Commented:
Ok, let me know how this works out for you.

mrmad1966 (Author) Commented:
Thank you