More efficient Access List/Static Statements

rsinghnyc · ‎10-18-2007

I Have a PIX 515 6.3(5). I need to allow outside web access to a host from the outside; opening ports 9000-9005. Here is an example of the code, that I have come up with.

Is there a better way to write this (e.g. One statement with a range of ports versus a separate line for each one.)

access-list 107 permit tcp any host X.X.X.X eq www

access-list 107 permit tcp any host X.X.X.X eq 9002

access-list 107 permit tcp any host X.X.X.X eq 9003

access-list 107 permit tcp any host X.X.X.X eq 9005

access-list 107 permit tcp any host X.X.X.X eq 9000

access-list 107 permit tcp any host X.X.X.X eq 9001

access-list 107 permit tcp any host X.X.X.X eq 9004

static (inside,outside) tcp X.X.X.X www 10.100.x.x www netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9000 10.100.x.x 9000 netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9001 10.100.x.x 9001 netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9002 10.100.x.x 9002 netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9003 10.100.x.x 9003 netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9004 10.100.x.x 9004 netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9005 10.100.x.x 9005 netmask 255.255.255.255 0 0

acomiskey · ‎10-18-2007

access-list 107 permit tcp any host x.x.x.x range 9000 9005

Please rate helpful posts.