Access List question

Aug 6th, 2007

I have a range of about 12 IPs xx.xx.xx.99-xx.xx.xx.110 that I need to allow http access to on my PIX. Is there a command to just allow that range so I don't have to set each one up separately?


Thanks!

srue Mon, 08/06/2007 - 11:32

you could supernet them.

x.x.x.96/28

this will actually allow hosts x.x.x.96-x.x.x.110

http x.x.x.96 255.255.255.240 inside

or, if you meant http access *through* and not *to*...

access-list 101 permit tcp x.x.x.96 255.255.255.240 any eq 80

If this is not acceptable, you'll have to type each one in separately.



sonitadmin Mon, 08/06/2007 - 11:37

I think I understand, but could you show me exactly how the access-list command would look?


Thanks!

oabduo983 Mon, 08/06/2007 - 12:05

access-list 101 permit tcp x.x.x.96 255.255.255.240 any eq 80

access-group 101 in interface outside

acomiskey Mon, 08/06/2007 - 12:12

Steve,


You need to clarify in which direction this traffic is travelling through your PIX. The post directly above is most likely not right, as this allows the network to any inside on port 80. I assume these are your inside IPs which are going outbound on port 80, or any from outside may access them on port 80.
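
As an added example (not part of any post in this thread), the Python below compares the single 255.255.255.240 mask suggested above with the exact aligned blocks that cover .99 through .110 and nothing else. The prefix 192.0.2 is a constructed stand-in for the masked octets, the function names are illustrative, and the output reuses the access-list form posted in the thread with the range in the source position.

```python
import ipaddress

# Constructed sample values: the thread masks the first three octets, so the
# RFC 5737 documentation prefix 192.0.2.0/24 stands in for xx.xx.xx.
FIRST = ipaddress.IPv4Address("192.0.2.99")
LAST = ipaddress.IPv4Address("192.0.2.110")
SUPERNET = ipaddress.IPv4Network("192.0.2.96/28")


def extra_addresses(supernet, first, last):
    """Addresses the single mask matches that lie outside first..last."""
    # Iterating a network yields every address, including the first and last.
    return [a for a in supernet if not (first <= a <= last)]


def exact_blocks(first, last):
    """Smallest list of aligned blocks covering first..last and nothing else."""
    return list(ipaddress.summarize_address_range(first, last))


def acl_lines(blocks, acl_id=101, port=80):
    """Render blocks in the network/mask form used in the thread's ACL line."""
    return [
        f"access-list {acl_id} permit tcp {b.network_address} {b.netmask} any eq {port}"
        for b in blocks
    ]


if __name__ == "__main__":
    extra = extra_addresses(SUPERNET, FIRST, LAST)
    print("matched by the /28 but not requested:", ", ".join(map(str, extra)))
    for line in acl_lines(exact_blocks(FIRST, LAST)):
        print(line)
```

The single mask trades four extra matched addresses for one line; the exact cover needs five lines for this range.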
