Access List help

brianwagerer
Level 1

Hello,

I have a question about configuring an access list. Can you use computer names instead of IP addresses? We have a PIX in front of our SQL servers, and the workstation PCs that need to access the SQL servers are assigned DHCP addresses.

8 Replies

suschoud
Cisco Employee

hi,

If you want to use a computer name, you need to configure the same in the PIX.

Example:

name 207.17.34.0 RediPlus2
name 216.35.59.0 RediPlus1
name 192.168.1.12 Themis02
name 1.1.1.1 abc
name 10.12.252.11 TACACS-2.6

Use these names in the access-list.

Hope this helps.

Regards,

Sushil

allcastr
Level 1

Hello.

Yes, you can, but you need to give the IP address a name first. Here's an example:

pixfirewall(config)# int e1
pixfirewall(config-if)# ip address 192.168.1.1
pixfirewall(config-if)# no shut
pixfirewall(config-if)# duplex full
pixfirewall(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ICMP: icmp_open Entry for context 0
pixfirewall(config-if)# exit
pixfirewall(config)#
pixfirewall(config)# name 192.168.1.100 SQL-SERVER
pixfirewall(config)# access-list inside-access permit ip host SQL-SERVER any
pixfirewall(config-if)# access-group inside-access in interface inside
pixfirewall(config)#
pixfirewall(config)#

I hope this helps.

That helps a little bit, but I have to give DHCP clients access to a SQL server behind the PIX.

What if the IP on the client changes? Then I have to log in and change it on the PIX too.

OK, please clarify:

On which interface of the PIX do we have the SQL server?

On which interface of the PIX do we have the workstations?

Which code are you running on this PIX?

Also, please post the following:

sh nat (if code is 6.x)
sh run nat (if code is 7.x)
sh glo (if code is 6.x)
sh run glo (if code is 7.x)
sh static (if code is 6.x)
sh run static (if code is 7.x)

---------

If all the clients in the dhcp pool have access, then just allow the whole network.

Not all should have access, only about 30 clients.

Even if you could use computer name, how secure would that be if I knew what computer names were allowed access?

robfos123
Level 1

What kind of DHCP server is in play? I've found the best way is to create a separate scope on the DHCP server and make a rule for the address range, or make an authentication rule for traffic destined for SQL ports and then supply a username and password to the DB developers.
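Putting the two answers above together (symbolic names from Sushil's reply, and a dedicated DHCP scope for the authorised workstations as robfos123 suggests), here is an added configuration example. It is not from any post in this thread and not Cisco's own documentation: the addresses, the scope size, the interface names and the assumption that the roughly 30 permitted PCs lease from a dedicated 10.10.50.0/27 scope (for instance via MAC reservations on the DHCP server) are all illustrative, and the example assumes the NAT/static configuration the thread asks about is already in place, so only the filtering side is shown.

```text
! Added example, not from the thread. PIX 6.3-style syntax; all addresses,
! names and interface assignments below are assumptions for illustration.

! 'names' must be enabled before 'name' entries are accepted on PIX 6.x.
names
name 192.168.1.100 SQL-SERVER

! Assumed: the DHCP server issues the ~30 authorised workstations leases
! from a dedicated scope, 10.10.50.0/27 (hosts .1 - .30), while every other
! PC leases from a different scope. The firewall then filters on the range
! rather than on individual, changing, client addresses.
object-group network SQL-CLIENTS
  network-object 10.10.50.0 255.255.255.224

! Only the SQL service port is needed (TCP/1433 for Microsoft SQL Server).
object-group service SQL-TCP tcp
  port-object eq 1433

! Workstations are assumed to sit on 'inside'. Scoped clients may reach the
! SQL server on TCP/1433 only; any other inside host trying to reach it is
! logged and dropped; all other inside traffic keeps flowing as before.
access-list inside-access permit tcp object-group SQL-CLIENTS host SQL-SERVER object-group SQL-TCP
access-list inside-access deny ip any host SQL-SERVER log
access-list inside-access permit ip any any
access-group inside-access in interface inside
```

The explicit deny with `log` is what makes the rule useful operationally: any attempt from a host outside the approved scope shows up in the syslog, which is how you notice a misconfigured scope or a PC that picked up a lease it should not have. It also answers the objection raised earlier about computer names: a name on the PIX is only a label for an address, so knowing the name gives nothing unless the address range itself is controlled at the DHCP server. The alternative robfos123 mentions, per-user authentication, is done on the PIX with `aaa authentication match <acl> inside <server-group>`; note that the PIX cut-through proxy only prompts for credentials on Telnet, FTP and HTTP(S), so for a SQL port the user first authenticates against a `virtual telnet` address before the SQL connection is permitted.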
