Cisco Support Community

New Member

Access list both ways

access-list acl-lanf (1) permit tcp host host range 3540 3555

Does this allow two way communications between these two devices or do I need to put another entry swapping the IPs?

Cisco Employee

Re: Access list both ways

The access list states that packets from host will be allowed to pass through the firewall if the destination is The destination port must match TCP over ports 3540-3555

Nothing else

My question, where do you expect to receive those packets (inside,outside)?

Did you already configure the translation rules?

Franco Zamora

New Member

Re: Access list both ways

I already set translation rules. I meant to write and 5.13 is on the outside and 4.11 is on the inside. I want to have communications between these devices both ways. So I take it I need two entries in order to do this.


Re: Access list both ways

PIX by default will permit packets from inside to outside, provided a proper nat/global statement is in place, so you don't have to configure an ACL for .4.11 (inside) to .5.13 (outside).

Now, it depends on which host is going to initiate the traffic. If .5.13 (outside) is the one which initiates the connection, then you'll need to configure a static and an inbound ACL.


static (inside,outside) netmask

access-list inbound permit tcp host host range 3540 3555

access-group inbound in interface outside
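
An added illustration, not part of the thread or of any Cisco code: a small Python model of the behaviour described in the last reply, where the direction of the first packet decides whether an ACL entry is needed and replies on an existing connection pass without a mirrored entry. The addresses are constructed placeholders (the thread's real IPs are not shown), the class and function names are hypothetical, and NAT/static translation is assumed to be in place and left out of the model.

```python
from dataclasses import dataclass, field

# Constructed placeholder addresses (RFC 5737 ranges), not the thread's real IPs.
INSIDE_HOST = "192.0.2.11"       # stands in for the .4.11 inside host
OUTSIDE_HOST = "198.51.100.13"   # stands in for the .5.13 outside host

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    arrives_on: str              # "inside" or "outside"

@dataclass
class Firewall:
    # Entries modelled on "permit tcp host A host B range lo hi", bound to outside.
    inbound_acl: list = field(default_factory=list)
    conns: set = field(default_factory=set)   # connection table

    def permit(self, p: Packet) -> bool:
        flow = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if flow in self.conns or reverse in self.conns:
            return True          # belongs to a connection already allowed
        if p.arrives_on == "inside":
            allowed = True       # inside to outside: permitted by default
        else:
            allowed = any(p.src == s and p.dst == d and lo <= p.dport <= hi
                          for s, d, lo, hi in self.inbound_acl)
        if allowed:
            self.conns.add(flow)
        return allowed

def demo() -> dict:
    fw = Firewall()
    outbound = Packet(INSIDE_HOST, 40000, OUTSIDE_HOST, 3540, "inside")
    reply = Packet(OUTSIDE_HOST, 3540, INSIDE_HOST, 40000, "outside")
    new_inbound = Packet(OUTSIDE_HOST, 41000, INSIDE_HOST, 3550, "outside")
    result = {"outbound": fw.permit(outbound),
              "reply": fw.permit(reply),
              "inbound_without_acl": fw.permit(new_inbound)}
    # One entry for the outside-initiated direction, as in the reply above.
    fw.inbound_acl.append((OUTSIDE_HOST, INSIDE_HOST, 3540, 3555))
    result["inbound_with_acl"] = fw.permit(new_inbound)
    return result

if __name__ == "__main__":
    print(demo())
```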