06-26-2008 09:28 AM - edited 03-11-2019 06:05 AM
Is this a valid ACL?
access-list OUTSIDE_access_in extended permit tcp host 160.83.89.0 255.255.255.0 any
If I want to allow this address incoming to any internal address?
06-26-2008 09:50 AM
I believe there is no need for the keyword host, as you permit the /24 subnet, and make sure you apply that ACL inbound on the outside interface.
Regards,
Belal
06-26-2008 01:40 PM
Eric
When you say this address 160.83.89.0, do you mean the network? In which case, as the previous poster said, remove the "host" keyword.
If it is just a particular host then remove the 255.255.255.0 portion of your access-list. BUT 160.83.89.0 cannot be used as a host address, so it's not entirely clear what you are trying to do.
Jon
06-27-2008 04:39 AM
I am trying to let in any address from that 160.83.89.0 subnet into my outside interface. Is that possible to do or do I have to get exact IPs of individual PCs in that network range? When it is requested from any of my internal IPs.
06-27-2008 08:27 AM
No, you can use the subnet address if you want. In that case just remove the "host" keyword from your acl.
It is a rather open rule though. You are saying any host on the 160.83.89.0/24 subnet can access any server on any tcp port.
Also, you wrote
"When it is requested from any of my internal IPs."
If this is a stateful firewall you are on, then if the connection originated from one of your internal IPs to a host on the 160.83.89.0/24 subnet, you don't need the acl rule because the traffic will automatically be let back in.
However, if the connection is initiated from the 160.83.89.0/24 network or this is not a stateful firewall, you do need the acl.
Jon
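An added example (not part of the thread, and not Cisco tooling): a small Python check for the points raised in the replies above, run against the ACL line from the question. The function names and the last sample line are constructed for illustration, and dotted netmasks such as 255.255.255.0 are assumed.

```python
import ipaddress

def _is_mask(token):
    """True if token is a dotted netmask such as 255.255.255.0."""
    try:
        ipaddress.ip_network(f"0.0.0.0/{token}")
        return "." in token
    except ValueError:
        return False

def check_acl(line):
    """Findings for a line of the form:
    access-list NAME extended permit|deny PROTO SOURCE DEST [ports]"""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        return ["not an extended access-list line"]
    action, src, findings = tok[3], tok[5:], []
    if src[0] == "any":
        rest = src[1:]
    elif src[0] == "host":
        addr, rest = ipaddress.ip_address(src[1]), src[2:]
        if rest and _is_mask(rest[0]):
            # 'host <ip>' already means one address; a mask belongs to the network form
            findings.append("'host' and a mask are mixed: drop one of them")
            net = ipaddress.ip_network(f"{addr}/{rest[0]}", strict=False)
            if addr == net.network_address and net.prefixlen < 31:
                findings.append(f"{addr} is the network address of {net}, not a host")
            rest = rest[1:]
    else:
        rest = src[2:]
        try:
            # strict=True rejects an address with host bits set under the mask
            ipaddress.ip_network(f"{src[0]}/{src[1]}", strict=True)
        except ValueError:
            findings.append(f"{src[0]} {src[1]} is not a network address and mask")
    if action == "permit" and rest == ["any"]:
        findings.append("permits every port to every destination")
    return findings

SAMPLES = [
    # the line from the question
    "access-list OUTSIDE_access_in extended permit tcp host 160.83.89.0 255.255.255.0 any",
    # the same line with 'host' removed, as the replies suggest
    "access-list OUTSIDE_access_in extended permit tcp 160.83.89.0 255.255.255.0 any",
    # constructed: one source host, one destination host, one port
    "access-list OUTSIDE_access_in extended permit tcp host 160.83.89.10 host 192.0.2.20 eq 443",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_acl(s) or "ok")
```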
06-27-2008 08:30 AM
My inside address is a 192.168.5.0 setup, so the traffic would be originating there.
06-27-2008 08:37 AM
Eric
If all the connections are originated from a 192.168.5.x address AND the device you are on is a stateful firewall you do not need to explicitly allow the return traffic back in with an acl.
Jon
06-27-2008 08:39 AM
Thanks.