
New Member

Tightening access-list

I want to tighten my access-lists so that only certain clients can see certain hosts.

I am running on a PIX 515 ver 7.1(2).4

My current access list is

access-list 111 extended permit ip 10.10.128.0 255.255.255.0 192.9.20.0 255.255.255.0

What I want to do is only allow users on the 192.9.20.0 network to access a server at 10.10.128.33 for the telnet application. I also want one user from the 10.10.128.0 network to access servers on the 192.9.20.0 network.

I put in the following two access-lists

access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0

access-list 111 extended permit tcp host 10.10.128.33 192.9.20.0 255.255.255.0 eq telnet

Problem is that I can not connect to the 10.10.128.33 server via telnet anymore from the 192.9.20.0 network.

Also, even though I can still RDC into a server from the 10.10.128.0 network that is on the 192.9.20.0 network, it continuously drops the connection and then reestablishes. This never happened with the previous access-list.

Any help is appreciated.

Thanks.

4 REPLIES
Hall of Fame Super Blue

Re: Tightening access-list

Hi

The telnet line in your access-list needs changing

access-list 111 extended permit tcp 192.9.20.0 255.255.255.0 host 10.10.128.33 eq telnet

HTH

Jon
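
Added example, not part of any post in this thread: a small Python matcher that shows which packets each access-list line quoted above matches as written (source first, then destination, then destination port). The sample packets and host addresses 192.9.20.5 and 192.9.20.7 are constructed, and since the thread does not say where access-list 111 is applied, the code only evaluates matching, not the PIX's overall forwarding decision.

```python
import ipaddress
from collections import namedtuple

# Constructed packet model: protocol, source IP, destination IP, destination port.
Packet = namedtuple("Packet", "proto src dst dport")

def parse_ace(line):
    """Parse 'access-list N extended permit <proto> <src> <dst> [eq <port>]'."""
    tok = line.split()[4:]            # drop 'access-list <id> extended permit'
    proto = tok.pop(0)

    def take_addr():
        if tok[0] == "host":          # 'host A.B.C.D' means a single address
            tok.pop(0)
            return ipaddress.ip_network(tok.pop(0) + "/32")
        addr, mask = tok.pop(0), tok.pop(0)   # address followed by subnet mask
        return ipaddress.ip_network(f"{addr}/{mask}")

    src, dst = take_addr(), take_addr()
    port = None
    if tok and tok[0] == "eq":        # 'eq' applies to the destination port
        port = {"telnet": 23}.get(tok[1]) or int(tok[1])
    return proto, src, dst, port

def matches(ace_line, pkt):
    """True if the packet matches the entry's protocol, source, destination, port."""
    proto, src, dst, port = parse_ace(ace_line)
    return (proto in ("ip", pkt.proto)
            and ipaddress.ip_address(pkt.src) in src
            and ipaddress.ip_address(pkt.dst) in dst
            and (port is None or port == pkt.dport))

# Access-list lines exactly as quoted in the thread.
ORIGINAL = "access-list 111 extended permit ip 10.10.128.0 255.255.255.0 192.9.20.0 255.255.255.0"
USER_183 = "access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0"
TELNET_POSTED = "access-list 111 extended permit tcp host 10.10.128.33 192.9.20.0 255.255.255.0 eq telnet"
TELNET_SUGGESTED = "access-list 111 extended permit tcp 192.9.20.0 255.255.255.0 host 10.10.128.33 eq telnet"

# Constructed sample packets for one telnet session and one RDP connection.
telnet_request = Packet("tcp", "192.9.20.5", "10.10.128.33", 23)    # client to server
telnet_reply = Packet("tcp", "10.10.128.33", "192.9.20.5", 40000)   # server to client
rdp_request = Packet("tcp", "10.10.128.183", "192.9.20.7", 3389)

if __name__ == "__main__":
    for name in ("ORIGINAL", "USER_183", "TELNET_POSTED", "TELNET_SUGGESTED"):
        hits = [p for p in (telnet_request, telnet_reply, rdp_request)
                if matches(globals()[name], p)]
        print(name, "matches", hits)
```

The line as first posted matches neither direction of the telnet session: the request has the wrong source, and the server's reply carries port 23 as its source port, not its destination port.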

New Member

Re: Tightening access-list

Hi Jon,

Thanks but this access-list didn't work either.

Just so you know the PIX is on the 10.10.128.0 network and the 192.9.20.0 is a remote network that is using a VPN tunnel to connect.

Any other thoughts?

Thanks.

New Member

Re: Tightening access-list

Anyone have any ideas on this?

Thanks.

Hall of Fame Super Blue

Re: Tightening access-list

Sorry, I missed your original reply.

Can you post configs if you have them for both ends of the VPN tunnel?

Jon
