06-25-2009 09:27 AM - edited 02-21-2020 04:16 PM
Hello,
I have set up IPsec between two servers to pass through the firewall.
I had to allow both directions from host to host on TCP/UDP 500 and 88, and also had to put in an "ip any" access-list entry to make it work.
The question is: we are using PIX 6.4 and I have not found the command to specify in the ACL to allow only IP protocols 50 and 51; I had to open the entire IP protocol.
Could anyone send me a link if there is an option to reduce the number of ports for a 'permit ip' statement in PIX 6.4?
Thanks
06-25-2009 10:53 AM
To allow port ESP 50 just use:
access-list
To allow port AH 51 just use:
access-list
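As an added illustration (not part of Jerome's reply), the following PIX 6.x access-list entries narrow the rule to just the IPsec traffic between the two hosts instead of a broad "permit ip". The addresses are documentation placeholders and OUTSIDE_IN is an assumed ACL name.

```cisco
! Added example, not from the original thread.
! 192.0.2.10 / 198.51.100.20 are placeholder addresses; OUTSIDE_IN is an assumed ACL name.
!
! IKE negotiation between the two peers (UDP 500)
access-list OUTSIDE_IN permit udp host 198.51.100.20 host 192.0.2.10 eq 500
! ESP is IP protocol 50: there is no port, so the protocol keyword is used instead
access-list OUTSIDE_IN permit esp host 198.51.100.20 host 192.0.2.10
! AH is IP protocol 51
access-list OUTSIDE_IN permit ah host 198.51.100.20 host 192.0.2.10
! Anything else arriving on the outside interface falls to the implicit deny at the end of the ACL
access-group OUTSIDE_IN in interface outside
```

ESP and AH carry no port numbers, which is why "permit ip ... eq 50" cannot express the rule; selecting the protocol itself (by keyword, or by its number) is what narrows it. After applying, "show access-list OUTSIDE_IN" shows per-entry hit counts, which confirms that only the esp/ah/udp lines are matching and nothing is relying on a wider permit.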
06-25-2009 12:24 PM
Worked wonders, thanks a lot, exactly what I was looking for.
Is there a guide on the Cisco side, such as a best practice guide for firewall ACLs? I can't find anything concise as of yet.
Thanks for your help, Anna
06-25-2009 12:50 PM
Hi Anna. There are several materials covering basic ACL design (not specific to firewalls), but it's pretty much the same concept. The one that I used is from O'Reilly, called "Cisco IOS Access List".
Glad I could help.
Jerome