Access list both ways

wrwiii122
Level 1

access-list acl-lanf (1) permit tcp host 10.101.5.13 host 10.101.5.11 range 3540 3555

Does this allow two way communications between these two devices or do I need to put another entry swapping the IPs?

3 Replies

fzamora
Cisco Employee

The access list states that packets from host 10.101.5.13 will be allowed to pass through the firewall if the destination is 10.101.5.11. The destination port must match TCP over ports 3540-3555.

Nothing else

My question, where do you expect to receive those packets (inside,outside)?

Did you already configure the translation rules?

Franco Zamora

I already set translation rules. I meant to write 10.101.5.13 and 10.101.4.11. 5.13 is on the outside and 4.11 is on the inside. I want to have communications between these devices both ways. So I take it I need two entries in order to do this.

PIX by default will permit packets from inside to outside, provided a proper nat/global statement is in place. So you don't have to configure an ACL for .4.11 (inside) to .5.13 (outside).

Now, it depends on which host is going to initiate the traffic. If .5.13 (outside) is the one which initiates the connection, then you'll need to configure a static and an inbound ACL.

e.g.

static (inside,outside) 10.101.4.11 10.101.4.11 netmask 255.255.255.255

access-list inbound permit tcp host 10.101.5.13 host 10.101.4.11 range 3540 3555

access-group inbound in interface outside
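The point made in the replies above, that a single inbound ACL entry is enough for two-way traffic because the firewall is stateful and return packets are matched against the connection table rather than the ACL, is easier to see with a small model. The following is an added example and not code from the thread or from Cisco; it simulates a stateful packet filter with the inbound ACL quoted above. The inside network prefix, the client ports and the packets are constructed sample data.

```python
"""Minimal stateful-firewall model for the ACL direction question.

Assumptions (not from the thread): the inside interface covers
10.101.4.0/24, inside-to-outside traffic is permitted by default
(the nat/global statement is taken as present), and a packet with
SYN set is what opens a new flow.
"""
from dataclasses import dataclass

OUTSIDE_HOST = "10.101.5.13"
INSIDE_HOST = "10.101.4.11"
INSIDE_PREFIX = "10.101.4."   # assumption: inside interface is 10.101.4.0/24


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool          # True for a connection-initiating segment


# The inbound ACL from the thread: one entry, outside host -> inside host,
# TCP destination ports 3540-3555.  Tuples are (src, dst, low_port, high_port).
INBOUND_ACL = [(OUTSIDE_HOST, INSIDE_HOST, 3540, 3555)]


class StatefulFirewall:
    """Evaluates packets against the ACL applied inbound on 'outside'."""

    def __init__(self, inbound_acl):
        self.inbound_acl = inbound_acl
        self.conns = set()   # established flows as (src, sport, dst, dport)

    def _acl_permits(self, pkt):
        return any(pkt.src == s and pkt.dst == d and lo <= pkt.dport <= hi
                   for s, d, lo, hi in self.inbound_acl)

    def _in_state(self, pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return forward in self.conns or reverse in self.conns

    def process(self, pkt):
        # Packets belonging to an existing flow (in either direction) are
        # accepted by the connection table; the ACL is never consulted.
        if self._in_state(pkt):
            return "permit (state)"
        # A non-SYN packet with no matching flow is never the start of a
        # connection, so it is dropped regardless of the ACL.
        if not pkt.syn:
            return "drop (no state)"
        if pkt.src.startswith(INSIDE_PREFIX):
            # Inside -> outside is permitted by default on the PIX.
            self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit (inside default)"
        # Outside -> inside must be explicitly permitted by the inbound ACL.
        if self._acl_permits(pkt):
            self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit (acl)"
        return "drop (acl)"


def run_scenarios():
    """Returns the verdict for each constructed packet, in order."""
    fw = StatefulFirewall(INBOUND_ACL)
    packets = [
        # outside host opens a connection to an allowed port
        Packet(OUTSIDE_HOST, INSIDE_HOST, 40000, 3540, syn=True),
        # the inside host's reply: no reverse ACL entry needed
        Packet(INSIDE_HOST, OUTSIDE_HOST, 3540, 40000, syn=False),
        # outside host tries a port outside the permitted range
        Packet(OUTSIDE_HOST, INSIDE_HOST, 40001, 80, syn=True),
        # inside host initiates outbound: default inside->outside permit
        Packet(INSIDE_HOST, OUTSIDE_HOST, 50000, 3540, syn=True),
        # outside host's reply to that outbound flow
        Packet(OUTSIDE_HOST, INSIDE_HOST, 3540, 50000, syn=False),
        # stray non-SYN packet from outside with no flow behind it
        Packet(OUTSIDE_HOST, INSIDE_HOST, 40002, 3541, syn=False),
    ]
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_scenarios():
        print(verdict)
```

The second and fifth packets are the ones the original question asks about: the reply direction is permitted because the flow already exists in the connection table, so swapping the IPs into a second ACL entry would only matter if the inside host also needed to be reachable by the outside host on new connections in the other direction, which the default inside-to-outside permit already covers.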
