Tightening access-list

Unanswered Question
Nov 7th, 2007

I want to tighten my access-lists so that only certain clients can see certain hosts.

I am running on a PIX 515 ver 7.1(2).4

My current access list is

access-list 111 extended permit ip 10.10.128.0 255.255.255.0 192.9.20.0 255.255.255.0

What I want to do is only allow users on the 192.9.20.0 network to access a server at 10.10.128.33 for the telnet application. I also want one user from the 10.10.128.0 network to access servers on the 192.9.20.0 network.

I put in the following two access-lists

access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0

access-list 111 extended permit tcp host 10.10.128.33 192.9.20.0 255.255.255.0 eq telnet

Problem is that I cannot connect to the 10.10.128.33 server via telnet anymore from the 192.9.20.0 network.

Also, even though I can still RDC into a server on the 192.9.20.0 network from the 10.10.128.0 network, it continuously drops the connection and then reestablishes. This never happened with the previous access-list.

Any help is appreciated.

Thanks.

Jon Marshall Wed, 11/07/2007 - 07:35

Hi

The telnet line in your access-list needs changing

access-list 111 extended permit tcp 192.9.20.0 255.255.255.0 host 10.10.128.33 eq telnet

HTH

Jon
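To see why the poster's telnet line blocks the sessions and Jon's line allows them, here is a small evaluator for the subset of PIX 7.x extended ACL syntax used in this thread (host, network/mask, optional "eq port"); first matching entry wins and anything unmatched hits the implicit deny. This is an added illustration, not code from the thread or from Cisco, and the client/server addresses in the checks are constructed.

```python
import ipaddress

# Constructed: the poster's two new lines, then the same list with Jon's
# corrected telnet line. Only the syntax seen on this page is handled.
ORIGINAL_ACL = [
    "access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0",
    "access-list 111 extended permit tcp host 10.10.128.33 192.9.20.0 255.255.255.0 eq telnet",
]
CORRECTED_ACL = [
    "access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0",
    "access-list 111 extended permit tcp 192.9.20.0 255.255.255.0 host 10.10.128.33 eq telnet",
]
PORT_NAMES = {"telnet": 23}


def _parse_addr(tokens, i):
    """Return (network, next_index) for 'host A' or 'A MASK' at tokens[i]."""
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1]), i + 2
    net = ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False)
    return net, i + 2


def parse_ace(line):
    """access-list <id> extended <action> <proto> <src> <dst> [eq <port>]"""
    t = line.split()
    action, proto = t[3], t[4]
    src, i = _parse_addr(t, 5)
    dst, i = _parse_addr(t, i)
    port = None
    if i < len(t) and t[i] == "eq":
        port = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
    return action, proto, src, dst, port


def evaluate(acl, proto, src_ip, dst_ip, dst_port=None):
    """First matching ACE decides; no match means the implicit deny at the end."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, p, src, dst, port in map(parse_ace, acl):
        if p != "ip" and p != proto:
            continue
        if s not in src or d not in dst:
            continue
        if port is not None and port != dst_port:
            continue
        return action
    return "deny"
```

The original line only matches when 10.10.128.33 is the source, so a telnet session initiated from the remote network never matches it; the corrected line names the remote network as source and the server as destination. Return traffic for a permitted session is handled by the PIX's stateful inspection and does not need its own entry.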

boschrexroth Wed, 11/07/2007 - 08:59

Hi Jon,

Thanks but this access-list didn't work either.

Just so you know the PIX is on the 10.10.128.0 network and the 192.9.20.0 is a remote network that is using a VPN tunnel to connect.

Any other thoughts?

Thanks.

Jon Marshall Thu, 11/08/2007 - 12:13

Sorry, I missed your original reply.

Can you post configs if you have them for both ends of the VPN tunnel?

Jon
