Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

More efficient Access List/Static Statements

I Have a PIX 515 6.3(5). I need to allow outside web access to a host from the outside; opening ports 9000-9005. Here is an example of the code, that I have come up with.

Is there a better way to write this (e.g. One statement with a range of ports versus a separate line for each one.)

access-list 107 permit tcp any host X.X.X.X eq www

access-list 107 permit tcp any host X.X.X.X eq 9002

access-list 107 permit tcp any host X.X.X.X eq 9003

access-list 107 permit tcp any host X.X.X.X eq 9005

access-list 107 permit tcp any host X.X.X.X eq 9000

access-list 107 permit tcp any host X.X.X.X eq 9001

access-list 107 permit tcp any host X.X.X.X eq 9004

static (inside,outside) tcp X.X.X.X www 10.100.x.x www netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9000 10.100.x.x 9000 netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9001 10.100.x.x 9001 netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9002 10.100.x.x 9002 netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9003 10.100.x.x 9003 netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9004 10.100.x.x 9004 netmask 255.255.255.255 0 0

static (inside,outside) tcp X.X.X.X 9005 10.100.x.x 9005 netmask 255.255.255.255 0 0

1 REPLY
Green

Re: More efficient Access List/Static Statements

access-list 107 permit tcp any host x.x.x.x range 9000 9005

Please rate helpful posts.

119
Views
0
Helpful
1
Replies