Tightening access-list

Unanswered Question
Nov 7th, 2007

I want to tighten my access-lists so that only certain clients can see certain hosts.

I am running on a PIX 515 ver 7.1(2).4

My current access list is

access-list 111 extended permit ip

What I want to do is only allow users on the network to access a server at for telnet application. I also want one user to from the network to access servers on the

I put in the following two access-lists

access-list 111 extended permit ip host

access-list 111 extended permit tcp host eq telnet

Problem is that I cannot connect to the server via telnet anymore from the network.

Also, even though I can still RDC into a server from network that is on the network it continuously drops the connection and then reestablishes. This never happened with the previous access-list.

Any help is appreciated.


Jon Marshall Wed, 11/07/2007 - 07:35


The telnet line in your access-list needs changing

access-list 111 extended permit tcp host eq telnet



boschrexroth Wed, 11/07/2007 - 08:59

Hi Jon,

Thanks but this access-list didn't work either.

Just so you know the PIX is on the network and the is a remote network that is using a VPN tunnel to connect.

Any other thoughts?


Jon Marshall Thu, 11/08/2007 - 12:13

Sorry, I missed your original reply.

Can you post configs if you have them for both ends of the VPN tunnel?


