Tightening access-list

Nov 7th, 2007

I want to tighten my access-lists so that only certain clients can see certain hosts.


I am running on a PIX 515 ver 7.1(2).4


My current access list is

access-list 111 extended permit ip 10.10.128.0 255.255.255.0 192.9.20.0 255.255.255.0


What I want to do is only allow users on the 192.9.20.0 network to access a server at 10.10.128.33 for the telnet application. I also want one user from the 10.10.128.0 network to access servers on the 192.9.20.0 network.


I put in the following two access-lists

access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0

access-list 111 extended permit tcp host 10.10.128.33 192.9.20.0 255.255.255.0 eq telnet


Problem is that I cannot connect to the 10.10.128.33 server via telnet anymore from the 192.9.20.0 network.


Also, even though I can still RDC into a server from the 10.10.128.0 network that is on the 192.9.20.0 network, it continuously drops the connection and then re-establishes. This never happened with the previous access-list.


Any help is appreciated.


Thanks.


Jon Marshall Wed, 11/07/2007 - 07:35
Hi


The telnet line in your access-list needs changing


access-list 111 extended permit tcp 192.9.20.0 255.255.255.0 host 10.10.128.33 eq telnet


HTH


Jon
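To make the source/destination point concrete, here is a small first-match ACL evaluator written for this thread; it is an added example, not code from the original post or from Cisco. It assumes access-list 111 is evaluated as an interface ACL where the first matching entry wins and an implicit deny follows, that PIX masks are written as ordinary subnet masks (not IOS-style wildcards), and the client addresses 192.9.20.5 and 192.9.20.7 are constructed sample values. It parses the entries exactly as posted, then checks a telnet session from the remote network against the original line (source host 10.10.128.33) and against the corrected line (destination host 10.10.128.33).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Port keywords the PIX accepts after "eq"; only the ones needed here.
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "https": 443}


@dataclass(frozen=True)
class Ace:
    """One access control entry from an 'access-list <id> extended ...' line."""
    action: str                  # "permit" or "deny"
    proto: str                   # "ip", "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None  # None means any destination port
    line: str = ""               # the original text, kept for reporting


def _parse_addr(tokens, i):
    """Parse 'host A', 'any' or 'A MASK' starting at tokens[i]; return (network, next index)."""
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    # PIX/ASA syntax uses a real subnet mask here, e.g. 255.255.255.0
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_ace(line: str) -> Ace:
    """Parse: access-list <id> extended <action> <proto> <src> <dst> [eq <port>]."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] != "extended":
        raise ValueError(f"unsupported entry: {line}")
    action, proto = tokens[3], tokens[4]
    src, i = _parse_addr(tokens, 5)
    dst, i = _parse_addr(tokens, i)
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        port = tokens[i + 1]
        dport = PORT_NAMES.get(port) or int(port)
    return Ace(action, proto, src, dst, dport, line)


def ace_matches(ace: Ace, proto: str, src_ip: str, dst_ip: str, dport: Optional[int]) -> bool:
    """True when a packet (proto, src, dst, dport) is covered by this entry."""
    if ace.proto != "ip" and ace.proto != proto:
        return False
    if ipaddress.ip_address(src_ip) not in ace.src:
        return False
    if ipaddress.ip_address(dst_ip) not in ace.dst:
        return False
    if ace.dport is not None and ace.dport != dport:
        return False
    return True


def evaluate(acl, proto, src_ip, dst_ip, dport=None):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for ace in acl:
        if ace_matches(ace, proto, src_ip, dst_ip, dport):
            return ace.action, ace.line
    return "deny", "implicit deny"


# The two entries as posted in the question (telnet line has the hosts reversed).
POSTED_ACL = [parse_ace(l) for l in (
    "access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0",
    "access-list 111 extended permit tcp host 10.10.128.33 192.9.20.0 255.255.255.0 eq telnet",
)]

# The same list with the telnet entry written source -> destination.
CORRECTED_ACL = [parse_ace(l) for l in (
    "access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0",
    "access-list 111 extended permit tcp 192.9.20.0 255.255.255.0 host 10.10.128.33 eq telnet",
)]


if __name__ == "__main__":
    # Constructed sample flows: a remote client telnetting to the server, and RDP from the one allowed host.
    for name, acl in (("posted", POSTED_ACL), ("corrected", CORRECTED_ACL)):
        print(name, "telnet 192.9.20.5 -> 10.10.128.33:", evaluate(acl, "tcp", "192.9.20.5", "10.10.128.33", 23))
        print(name, "rdp 10.10.128.183 -> 192.9.20.7:", evaluate(acl, "tcp", "10.10.128.183", "192.9.20.7", 3389))
```

With the posted entry, a telnet SYN arriving from 192.9.20.5 matches nothing because the entry only covers packets whose source is 10.10.128.33, so it lands on the implicit deny; with the corrected entry the same packet is permitted, while RDP from the remote side to the server still falls through to the deny because the entry is limited to port 23.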

boschrexroth Wed, 11/07/2007 - 08:59

Hi Jon,


Thanks but this access-list didn't work either.


Just so you know the PIX is on the 10.10.128.0 network and the 192.9.20.0 is a remote network that is using a VPN tunnel to connect.


Any other thoughts.


Thanks.

Jon Marshall Thu, 11/08/2007 - 12:13

Sorry, I missed your original reply.


Can you post configs if you have them for both ends of the VPN tunnel?


Jon
