Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access List question

I have a range of about 12 IP's xx.xx.xx.99-xx.xx.xx.110 that I need to allow http access to on my Pix. Is there a command to just allow that range so I don't have to set each one up seperately?

Thanks!

4 REPLIES
Gold

Re: Access List question

you could supernet them.

x.x.x.96/28

this will actually allow hosts x.x.x.96-x.x.x.110

http x.x.x.96 255.255.255.240 inside

or, if you meant http access *through* and not *to*...

access-list 101 permit tcp x.x.x.96 255.255.255.240 any eq 80

If this is not acceptable, you'll have to type each one in separately.

New Member

Re: Access List question

I think I understand, but could you show me exactly how the access-list command would look?

Thanks!

Bronze

Re: Access List question

access-list 101 permit tcp x.x.x.96 255.255.255.240 any eq 80

access-group 101 in interface outside

Green

Re: Access List question

Steve,

You need to clarify in which direction this traffic is travelling through your pix. The post directly above is most likely not right as this allows the network to any inside on port 80. I assume these are you inside ips which are going outbound on port 80 or any from outside may access them on port 80.

119
Views
0
Helpful
4
Replies