Solved

How to setup Access List only to a specific IP ?

Posted on 2012-03-10
5
531 Views
Last Modified: 2012-03-16
I would appreciate assistance allowing a specific range of ports 14000 to 14005 through my pix 506e but only to a specific  IP addess. Currently, I have setup the port range in my ISP routers config forwarding them to the outside interface ip of the Pix. Very much a noob so not even confident that this is the correct first step..
0
Comment
Question by:mrmad1966
  • 3
  • 2
5 Comments
 
LVL 1

Author Comment

by:mrmad1966
ID: 37704700
Would this syntax be correct please ?

access-list inside permit tcp any any range 12000 12002
access-list allow_VU remark **** Enabled for VU ****
access-list allow_VU permit tcp any interface outside range 14000 14002
access-list allow_VU permit udp any interface outside range 14000 14002

static (inside,outside) tcp interface 14000-14002 192.168.1.19 14000-14002 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14000-14002 192.168.1.19 14000-14002 netmask 255.255.255.255 0 0

access-group allow_VU in interface outside
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37709053
I think you need the statics on a per-port base:
static (inside,outside) tcp interface 14000 192.168.1.19 14000 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 14001 192.168.1.19 14001 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 14002 192.168.1.19 14002 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14000 192.168.1.19 14000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14001 192.168.1.19 14001 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14002 192.168.1.19 14002 netmask 255.255.255.255 0 0


Not sure why: access-list inside permit tcp any any range 12000 12002 is there. Remember that the ACL's are terminated by an implicit 'deny all' so I would first try without this inside ACL.

Oh, if you want to allow only a specific host, use an ACL like:

access-list allow_VU remark **** Enabled for VU ****
access-list allow_VU permit tcp host 1.2.3.4 interface outside range 14000 14002
access-list allow_VU permit udp host 1.2.3.4 interface outside range 14000 14002


Where 1.2.3.4 is the public address of the host you want to grant access.
0
 
LVL 1

Author Comment

by:mrmad1966
ID: 37709112
Thank you  will try on my return home !
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 37709195
Ok, let me know how this works out for you.
0
 
LVL 1

Author Closing Comment

by:mrmad1966
ID: 37728359
Thank you
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
A short film showing how OnPage and Connectwise integration works.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now