How to setup Access List only to a specific IP ?

I would appreciate assistance allowing a specific range of ports 14000 to 14005 through my pix 506e but only to a specific  IP addess. Currently, I have setup the port range in my ISP routers config forwarding them to the outside interface ip of the Pix. Very much a noob so not even confident that this is the correct first step..
LVL 1
mrmad1966Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Ernie BeekConnect With a Mentor ExpertCommented:
Ok, let me know how this works out for you.
0
 
mrmad1966Author Commented:
Would this syntax be correct please ?

access-list inside permit tcp any any range 12000 12002
access-list allow_VU remark **** Enabled for VU ****
access-list allow_VU permit tcp any interface outside range 14000 14002
access-list allow_VU permit udp any interface outside range 14000 14002

static (inside,outside) tcp interface 14000-14002 192.168.1.19 14000-14002 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14000-14002 192.168.1.19 14000-14002 netmask 255.255.255.255 0 0

access-group allow_VU in interface outside
0
 
Ernie BeekExpertCommented:
I think you need the statics on a per-port base:
static (inside,outside) tcp interface 14000 192.168.1.19 14000 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 14001 192.168.1.19 14001 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 14002 192.168.1.19 14002 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14000 192.168.1.19 14000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14001 192.168.1.19 14001 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 14002 192.168.1.19 14002 netmask 255.255.255.255 0 0


Not sure why: access-list inside permit tcp any any range 12000 12002 is there. Remember that the ACL's are terminated by an implicit 'deny all' so I would first try without this inside ACL.

Oh, if you want to allow only a specific host, use an ACL like:

access-list allow_VU remark **** Enabled for VU ****
access-list allow_VU permit tcp host 1.2.3.4 interface outside range 14000 14002
access-list allow_VU permit udp host 1.2.3.4 interface outside range 14000 14002


Where 1.2.3.4 is the public address of the host you want to grant access.
0
 
mrmad1966Author Commented:
Thank you  will try on my return home !
0
 
mrmad1966Author Commented:
Thank you
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.