Access Lists On a PIX 515

Dec 6th, 2005

Hi All,


A quick question about access-lists. I have a site-to-site link using two PIX 515s. I have a requirement at one end to make a PC-to-site connection to a completely different network. However, the network I am trying to connect to is on the same internal address scheme as the site-to-site, so the packets are not getting routed correctly. Systems are as follows :-


Site To Site link (Internal Addresses)

Far end - 192.0.0.0 (255.255.255.0)

Near End - 192.168.0.1-192.168.3.254 (255.255.252.0)


Site to PC Link (Internal Addresses)

My Site - 192.0.0.0 (255.255.255.0)

Remote Site - 192.168.225.0 (255.255.255.0)


Can anyone advise the best way to mod my access-list, which is shown below, or advise as to another fix which will allow the traffic to flow to both sites?


access-list vpntraffic permit ip 192.0.0.0 255.255.255.0 192.168.0.0 255.255.252.0


Many Thanks In Advance


Jez

mchin345 Mon, 12/12/2005 - 07:31

The access-list command operates on a first match basis. Therefore, the last rule added to the access list is the last rule checked. The administrator should make a note of the last rule during initial configuration, because it may impact the remainder of the rule parsing.


In this section, you are presented with the information to configure the firewall for access to a mail server located on the DMZ.


http://www.cisco.com/warp/public/110/mailserver_dmz.html
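
An added example (not part of the original posts, and not Cisco code): first-match evaluation as described in the reply, applied to the access-list line from the question. The parser handles only the network/netmask form seen on this page; the `deny` line and the host addresses are constructed for illustration.

```python
import ipaddress

# The ACL line from the question.
PAGE_ACL = [
    "access-list vpntraffic permit ip 192.0.0.0 255.255.255.0 192.168.0.0 255.255.252.0",
]
# Constructed for this example: a narrower deny, used to show the effect of rule order.
DENY = "access-list vpntraffic deny ip 192.0.0.0 255.255.255.0 192.168.2.0 255.255.255.0"


def parse_ace(line):
    """Parse 'access-list NAME permit|deny ip SRC MASK DST MASK' (network/netmask form only)."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2] not in ("permit", "deny") or tok[3] != "ip":
        raise ValueError(f"unsupported ACL line: {line!r}")
    src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
    dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}")
    return tok[2], src, dst


def evaluate(acl_lines, src_ip, dst_ip):
    """Return (action, matching_line_number) using first-match semantics.

    Lines are checked top to bottom; the first line whose source and
    destination networks both contain the packet decides the result.
    If no line matches, the implicit deny at the end of the list applies.
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for number, line in enumerate(acl_lines, start=1):
        action, src_net, dst_net = parse_ace(line)
        if src in src_net and dst in dst_net:
            return action, number
    return "deny", None


if __name__ == "__main__":
    host = "192.0.0.10"  # constructed host inside 192.0.0.0/24
    for dst in ("192.168.1.20", "192.168.2.20", "192.168.225.10"):
        print("page ACL  ", dst, evaluate(PAGE_ACL, host, dst))
        print("deny first", dst, evaluate([DENY] + PAGE_ACL, host, dst))
        print("deny last ", dst, evaluate(PAGE_ACL + [DENY], host, dst))
```

With the ACL as posted, traffic to 192.168.225.0/24 matches no line, and a narrower rule placed after the broad permit is never reached.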
