Cisco Support Community
New Member

Access-list on PIX

Guys, a very basic question: we have a PIX firewall and it has many interfaces (DMZ...). Now one of the interfaces is connected to a core switch 4500, and on the 4500 we have a few test servers. The link which connects from the switch to the firewall is ethernet 1 and the access list is as under:

newtest_access_in; it has security level 3

Now the destination server is in the DMZ and has security level 9.

The requirement is that the test servers which are connected to the 4500 have to access the DMZ server on port 5500.

Suppose the test server has IP 1.1.1.1 and the DMZ server has IP 2.2.2.2.

So the access-list should be

newtest_access_in permit tcp host 2.2.2.2 host 1.1.1.1 eq 5500

or should it be

newtest_access_in permit tcp host 1.1.1.1 host 2.2.2.2 eq 5500

I am confused about source and destination.

Thanks heaps, guys.

1 REPLY
Cisco Employee

Re: Access-list on PIX

Hello,

It should be

Access-list newtest_access_in permit tcp host 1.1.1.1 host 2.2.2.2 eq 5500

The format is

Access-list

You need to apply the access-list on the interface closest to the source, and it should be in the incoming direction.

Hope this helps.

Regards,

NT
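
The source-then-destination ordering from the reply above, as an added example that is not part of the original thread: a minimal Python matcher for the `permit tcp host SRC host DST eq PORT` entry form only, run against both candidate lines from the question. The names `Packet`, `parse_ace` and `evaluate` are hypothetical, and the first-match and implicit-deny behaviour is standard access-list semantics assumed here rather than stated in the thread.

```python
# Added example: first-match evaluation of PIX-style host-to-host ACL entries.
from typing import NamedTuple


class Packet(NamedTuple):
    proto: str
    src: str    # address the packet comes from
    dst: str    # address the packet is going to
    dport: int  # destination port


def parse_ace(line: str) -> tuple[str, Packet]:
    """Parse '[access-list] NAME permit|deny PROTO host SRC host DST eq PORT'."""
    tok = line.split()
    if tok and tok[0].lower() == "access-list":
        tok = tok[1:]
    if len(tok) != 9 or (tok[3], tok[5], tok[7]) != ("host", "host", "eq"):
        raise ValueError(f"unsupported entry form: {line!r}")
    _name, action, proto, _, src, _, dst, _, port = tok
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    # Source always precedes destination; 'eq' after the destination is the destination port.
    return action, Packet(proto, src, dst, int(port))


def evaluate(acl_lines: list[str], pkt: Packet) -> str:
    """Return the action of the first matching entry; unmatched traffic is denied."""
    for line in acl_lines:
        action, match = parse_ace(line)
        if match == pkt:
            return action
    return "deny"  # implicit deny at the end of every access-list


# Constructed flow using the thread's sample addresses: test server -> DMZ server,
# as seen inbound on the interface facing the 4500 (closest to the source).
FLOW = Packet("tcp", "1.1.1.1", "2.2.2.2", 5500)
CANDIDATE_A = "newtest_access_in permit tcp host 2.2.2.2 host 1.1.1.1 eq 5500"
CANDIDATE_B = "newtest_access_in permit tcp host 1.1.1.1 host 2.2.2.2 eq 5500"

if __name__ == "__main__":
    for line in (CANDIDATE_A, CANDIDATE_B):
        print(f"{evaluate([line], FLOW):6} <- {line}")
```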
