03-20-2007 05:35 PM - edited 03-05-2019 03:01 PM
Hi all, can anyone tell me why creating an access list allowing an IP subnet to another one through my firewall would not let me connect remotely to the PC until I added the TCP port of the program in? I thought ip would have covered this.
cheers
03-20-2007 06:47 PM
It does not function that way; ip is all-encompassing. For instance, if I had...
access-list 100 permit ip any any
I would not need
access-list 100 permit tcp any any eq 3389
Post the ACLs you were using. Are you sure you had the ACL applied?
03-21-2007 02:14 AM
Hi
Here are the ACLs. For some reason I have had to allow the port in to dial into the machine. It would not work without
access-list inside-vlan_access_in extended permit ip 172.16.0.0 255.255.0.0 any
access-list inside-vlan_access_in extended permit ip 172.24.0.0 255.255.0.0 any
access-list inside-vlan_access_in extended permit ip 172.23.0.0 255.255.0.0 any
access-list inside-vlan_access_in extended permit ip 172.17.0.0 255.255.0.0 any
03-21-2007 02:58 AM
I have now sorted the issue; there was an incorrect mask on one of the entries.
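A check for the kind of mistake the last post describes, added here as an example and not taken from the thread. The thread does not say which entry or mask was wrong, so the bad entries in the sample are constructed; the function names are hypothetical, and only the `any`, `host` and `address mask` forms of an extended ACL line are parsed.

```python
import ipaddress

# Constructed sample: line 1 is from the thread; lines 2-4 are made-up bad entries.
SAMPLE = """\
access-list inside-vlan_access_in extended permit ip 172.16.0.0 255.255.0.0 any
access-list inside-vlan_access_in extended permit ip 172.24.0.0 0.0.255.255 any
access-list inside-vlan_access_in extended permit ip 172.23.5.0 255.255.0.0 any
access-list inside-vlan_access_in extended permit tcp 172.17.0.0 255.0.255.0 any eq 3389
"""

def mask_problems(address, mask):
    """Return problems with one ASA-style 'address mask' pair (empty list if none)."""
    addr = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    host_bits = m ^ 0xFFFFFFFF
    # A subnet mask is ones then zeros, so its inverse plus one is a power of two.
    if host_bits & (host_bits + 1):
        if (m & (m + 1)) == 0:
            return ["wildcard-style mask where a subnet mask is expected"]
        return ["non-contiguous mask"]
    if addr & host_bits:
        return ["address has host bits set for this mask"]
    return []

def audit_acl(config):
    """Return (line number, side, problem) for each suspicious address/mask pair."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        i = 5  # skip: access-list NAME extended ACTION PROTOCOL
        for side in ("source", "destination"):
            if i >= len(tok):
                break
            if tok[i] in ("any", "any4", "any6"):
                i += 1
            elif tok[i] == "host":
                i += 2
            else:
                try:
                    problems = mask_problems(tok[i], tok[i + 1])
                except (ValueError, IndexError):
                    break  # object-group and similar forms are not checked
                findings += [(lineno, side, p) for p in problems]
                i += 2
            if i < len(tok) and tok[i] in ("eq", "lt", "gt", "neq", "range"):
                i += 3 if tok[i] == "range" else 2  # skip a port operator
    return findings

if __name__ == "__main__":
    for finding in audit_acl(SAMPLE):
        print(finding)
```

Running it over a saved copy of the ACL section before applying a change catches an entry whose mask silently narrows or widens the matched range.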