
PIX 525 & Access-list

I'm trying to permit certain systems on the 172.16.x.x network & block the rest. My access list is below.

I allow access to 172.16.2.1, .2, .4, .10.

I want to block ALL other systems on the 172.16.x.x network with the "access-list host deny ip any host 172.16.0.0" but this statement is not working.

Help Please !!

access-list host permit ip any host 172.16.2.1

access-list host permit ip any host 172.16.2.2

access-list host permit ip any host 172.16.2.4

access-list host permit ip any host 172.16.2.10

access-list host deny ip any host 172.16.0.0

access-list host permit ip any any

2 REPLIES

Re: PIX 525 & Access-list

Also, I've already tried this statement.

access-list host permit ip any host 172.16.2.1

access-list host permit ip any host 172.16.2.2

access-list host permit ip any host 172.16.2.4

access-list host permit ip any host 172.16.2.10

access-list host permit ip any any

access-list host deny ip any host 172.16.0.0

Re: PIX 525 & Access-list

Your first ACL is close. Change the last line from:

access-list host deny ip any host 172.16.0.0

to

access-list host deny ip any 172.16.0.0 255.255.0.0

This assumes 172.16.x.x is the destination, not the source of the packets.

Remember, with extended ACLs it is source then destination.

Steve
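Added example (not part of the original posts, and not Cisco code): a small first-match evaluator in Python that runs the three access lists from this thread against the same packets, showing that `host 172.16.0.0` matches only that single address and that a deny placed after `permit ip any any` is never reached. The source 10.1.1.1 and the destinations 172.16.9.9 and 192.0.2.50 are constructed test values, and the parser handles only the `any`, `host` and address-plus-mask forms used here.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list NAME permit|deny ip SRC DST' into (action, src, dst)."""
    tok = line.split()
    action, rest, nets = tok[2], tok[4:], []
    while rest:
        if rest[0] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            rest = rest[1:]
        elif rest[0] == "host":          # exactly one address (/32)
            nets.append(ipaddress.ip_network(rest[1] + "/32"))
            rest = rest[2:]
        else:                            # address followed by a subnet mask
            nets.append(ipaddress.ip_network(rest[0] + "/" + rest[1]))
            rest = rest[2:]
    return action, nets[0], nets[1]

def evaluate(acl, src, dst):
    """Return (action, matching line number); the first matching line wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, line in enumerate(acl, 1):
        action, src_net, dst_net = parse_ace(line)
        if src in src_net and dst in dst_net:
            return action, number
    return "deny", None                  # implicit deny when nothing matches

PERMITS = ["access-list host permit ip any host 172.16.2.%d" % n for n in (1, 2, 4, 10)]
ANY = "access-list host permit ip any any"
HOST_DENY = "access-list host deny ip any host 172.16.0.0"
NET_DENY = "access-list host deny ip any 172.16.0.0 255.255.0.0"

ORIGINAL = PERMITS + [HOST_DENY, ANY]    # first post
REORDERED = PERMITS + [ANY, HOST_DENY]   # second post
CORRECTED = PERMITS + [NET_DENY, ANY]    # with the change from the reply

if __name__ == "__main__":
    # Constructed test packets: one permitted host, one other 172.16 host, one outside.
    for name, acl in (("original", ORIGINAL), ("reordered", REORDERED), ("corrected", CORRECTED)):
        for dst in ("172.16.2.4", "172.16.9.9", "192.0.2.50"):
            print(name, dst, evaluate(acl, "10.1.1.1", dst))
```
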
