Solved

How to setup Access List only to a specific IP ?

Posted on 2012-03-10
5
535 Views
Last Modified: 2012-03-16
I would appreciate assistance allowing a specific range of ports 14000 to 14005 through my pix 506e but only to a specific  IP addess. Currently, I have setup the port range in my ISP routers config forwarding them to the outside interface ip of the Pix. Very much a noob so not even confident that this is the correct first step..
0
Comment
Question by:mrmad1966
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 1

Author Comment

by:mrmad1966
ID: 37704700
Would this syntax be correct please ?

access-list inside permit tcp any any range 12000 12002
access-list allow_VU remark **** Enabled for VU ****
access-list allow_VU permit tcp any interface outside range 14000 14002
access-list allow_VU permit udp any interface outside range 14000 14002

static (inside,outside) tcp interface 14000-14002 192.168.1.19 14000-14002 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14000-14002 192.168.1.19 14000-14002 netmask 255.255.255.255 0 0

access-group allow_VU in interface outside
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37709053
I think you need the statics on a per-port base:
static (inside,outside) tcp interface 14000 192.168.1.19 14000 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 14001 192.168.1.19 14001 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 14002 192.168.1.19 14002 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14000 192.168.1.19 14000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14001 192.168.1.19 14001 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14002 192.168.1.19 14002 netmask 255.255.255.255 0 0


Not sure why: access-list inside permit tcp any any range 12000 12002 is there. Remember that the ACL's are terminated by an implicit 'deny all' so I would first try without this inside ACL.

Oh, if you want to allow only a specific host, use an ACL like:

access-list allow_VU remark **** Enabled for VU ****
access-list allow_VU permit tcp host 1.2.3.4 interface outside range 14000 14002
access-list allow_VU permit udp host 1.2.3.4 interface outside range 14000 14002


Where 1.2.3.4 is the public address of the host you want to grant access.
0
 
LVL 1

Author Comment

by:mrmad1966
ID: 37709112
Thank you  will try on my return home !
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 37709195
Ok, let me know how this works out for you.
0
 
LVL 1

Author Closing Comment

by:mrmad1966
ID: 37728359
Thank you
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question