Tightening access-list

boschrexroth
Level 1

I want to tighten my access-lists so that only certain clients can see certain host.

I am running on a PIX 515 ver 7.1(2).4

My current access list is

access-list 111 extended permit ip 10.10.128.0 255.255.255.0 192.9.20.0 255.255.255.0

What I want to do is only allow users on the 192.9.20.0 network to access a server at 10.10.128.33 for the telnet application. I also want one user from the 10.10.128.0 network to access servers on the 192.9.20.0 network.

I put in the following two access-list entries:

access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0

access-list 111 extended permit tcp host 10.10.128.33 192.9.20.0 255.255.255.0 eq telnet

The problem is that I cannot connect to the 10.10.128.33 server via telnet anymore from the 192.9.20.0 network.

Also, even though I can still RDC into a server on the 192.9.20.0 network from the 10.10.128.0 network, it continuously drops the connection and then re-establishes it. This never happened with the previous access-list.

Any help is appreciated.

Thanks.

4 Replies

Jon Marshall
Hall of Fame

Hi

The telnet line in your access-list needs changing:

access-list 111 extended permit tcp 192.9.20.0 255.255.255.0 host 10.10.128.33 eq telnet

HTH

Jon
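To see why the posted telnet entry does not match the traffic the poster wants, here is an added first-match evaluator for PIX-style extended ACL entries. It is not part of the thread or of any Cisco software; it models only the parts of ACL processing relevant here (ordered first match, implicit deny, netmask rather than wildcard syntax, and the fact that only the flow's initiating packet is checked against the ACL because the reply direction is handled by the firewall's state table). It assumes the two new lines replaced the original broad "permit ip" entry, uses constructed client addresses (192.9.20.50, 10.10.128.50, 192.9.20.10), and ignores access-group direction and any VPN interesting-traffic ACL, which the thread does not show.

```python
import ipaddress

# Well-known port names accepted by the PIX "eq" keyword (subset).
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "https": 443, "smtp": 25}


def _parse_addr(tokens, pos):
    """Parse one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D <netmask>'."""
    tok = tokens[pos]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), pos + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[pos + 1] + "/32"), pos + 2
    # PIX/ASA extended ACLs take a normal subnet mask, not an IOS wildcard mask.
    return ipaddress.ip_network(f"{tok}/{tokens[pos + 1]}", strict=False), pos + 2


def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]'."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] != "extended":
        raise ValueError(f"unsupported ACE syntax: {line}")
    action, proto = tokens[3], tokens[4]
    src, pos = _parse_addr(tokens, 5)
    dst, pos = _parse_addr(tokens, pos)
    dport = None
    if pos < len(tokens) and tokens[pos] == "eq":
        name = tokens[pos + 1]
        dport = PORT_NAMES.get(name)
        if dport is None:
            dport = int(name)
    return {"line": line, "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": dport}


def evaluate(acl, proto, src_ip, dst_ip, dport=None):
    """First-match evaluation of the initiating packet of a flow.

    Returns (action, matched_line). Unmatched traffic hits the implicit deny
    at the end of the list, as on the PIX. Return packets of a permitted
    connection are allowed by the state table, so only the direction of the
    first packet matters here.
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if src not in ace["src"] or dst not in ace["dst"]:
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"], ace["line"]
    return "deny", "implicit deny"


# The poster's two new lines (assumption: they replaced the original broad entry).
POSTED_ACL = [parse_ace(line) for line in [
    "access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0",
    "access-list 111 extended permit tcp host 10.10.128.33 192.9.20.0 255.255.255.0 eq telnet",
]]

# Same list with the telnet entry written source-to-destination as the reply suggests.
CORRECTED_ACL = [parse_ace(line) for line in [
    "access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0",
    "access-list 111 extended permit tcp 192.9.20.0 255.255.255.0 host 10.10.128.33 eq telnet",
]]


def check_intended_flows(acl):
    """Evaluate the flows described in the question (client addresses are constructed)."""
    return {
        # remote user on 192.9.20.0/24 opening telnet to the server
        "remote_telnet_to_server": evaluate(acl, "tcp", "192.9.20.50", "10.10.128.33", 23)[0],
        # the one permitted local user opening RDP (3389) to a remote server
        "user_183_rdp": evaluate(acl, "tcp", "10.10.128.183", "192.9.20.10", 3389)[0],
        # any other local host must not reach the remote network
        "other_local_rdp": evaluate(acl, "tcp", "10.10.128.50", "192.9.20.10", 3389)[0],
        # the posted line only lets the server itself open telnet toward the remote side
        "server_outbound_telnet": evaluate(acl, "tcp", "10.10.128.33", "192.9.20.10", 23)[0],
    }


if __name__ == "__main__":
    for name, acl in (("as posted", POSTED_ACL), ("corrected", CORRECTED_ACL)):
        print(name, check_intended_flows(acl))
```

Run it as-is: with the posted list the remote telnet session is denied and the only telnet the list permits is the server opening connections toward 192.9.20.0, which is the reverse of what was wanted; with the corrected entry the remote telnet is permitted while every other local host still falls through to the implicit deny.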

Hi Jon,

Thanks, but this access-list didn't work either.

Just so you know, the PIX is on the 10.10.128.0 network, and 192.9.20.0 is a remote network that connects over a VPN tunnel.

Any other thoughts?

Thanks.

Anyone have any ideas on this?

Thanks.

Sorry, I missed your original reply.

Can you post the configs, if you have them, for both ends of the VPN tunnel?

Jon
