https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149862#M607214 <HTML><HEAD></HEAD><BODY><P>The command is:</P><P>access-list test permit tcp 192.168.1.50 (subnet mask) host 10.10.10.1 eq 80</P></BODY></HTML> Wed, 09 Apr 2003 19:17:45 GMT apriore685 2003-04-09T19:17:45Z https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149861#M607213 <P>The following access-list works on a cisco router, however, the list will not work on the PIX (I change the wildcard mask to a subnet mask for the PIX).</P><P></P><P>Router (works)</P><P>access-list test permit tcp 192.168.1.50 0.0.0.5 host 10.10.10.1 eq 80</P><P></P><P>PIX (does not work)</P><P>access-list test permit tcp 192.168.1.50 0.0.0.10 host 10.10.10.1 eq 80</P><P></P><P>I receive the following error message on the PIX:</P><P>ERROR: Source address,mask &lt;192.168.1.50, 0.0.0.10&gt; doesn't pair</P><P></P><P>Is there a way to group IP addresses together on the PIX in a similar fashion as Cisco IOS?</P><P></P><P>Thanks You!</P><P>Domo Arigato!</P> Fri, 21 Feb 2020 06:40:46 GMT https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149861#M607213 davelockerby 2020-02-21T06:40:46Z https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149862#M607214 <HTML><HEAD></HEAD><BODY><P>The command is:</P><P>access-list test permit tcp 192.168.1.50 (subnet mask) host 10.10.10.1 eq 80</P></BODY></HTML> Wed, 09 Apr 2003 19:17:45 GMT https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149862#M607214 apriore685 2003-04-09T19:17:45Z https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149863#M607215 <HTML><HEAD></HEAD><BODY><P>Goal is to create single access-list statement that covers several hosts.</P><P></P><P>Example:</P><P>Permit hosts 192.168.1.50 - 192.168.1.54 to access web server on host 10.10.10.1.</P><P></P><P>Can a single access-list statment be created that permits all five of the above hosts port 80 access to the web server on host 10.10.10.1</P><P></P><P>Trying to avoid entering an access-list statement for each host needing access to web server.</P><P></P><P>Thanks.</P></BODY></HTML> Thu, 10 Apr 2003 11:52:11 GMT https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149863#M607215 davelockerby 2003-04-10T11:52:11Z https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149864#M607216 <HTML><HEAD></HEAD><BODY><P>What pix os version are you running? Recent versions support an object group concept, where you can group associated things to do exactly what you seek.</P><P></P><P>Matt</P></BODY></HTML> Thu, 10 Apr 2003 13:26:32 GMT https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149864#M607216 mostiguy 2003-04-10T13:26:32Z https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149865#M607217 <HTML><HEAD></HEAD><BODY><P>You can only use</P><P></P><P>192.168.1.48 255.255.255.248 for the source or if this are to many hosts you have to insert a separate entry for each source.</P><P></P><P>Of course you can deny host 192.168.1.49 and </P><P>allow the others permit 192.168.1.48 255.255.255.248 </P></BODY></HTML> Thu, 10 Apr 2003 13:46:53 GMT https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149865#M607217 andre.frost 2003-04-10T13:46:53Z https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149866#M607218 <HTML><HEAD></HEAD><BODY><P>Version 6.2(2)</P><P></P><P>Thanks for the input on object groups. I'll do more research and see if object groups offer a viable solution.</P><P></P><P>Thanks-</P></BODY></HTML> Wed, 16 Apr 2003 11:04:15 GMT https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149866#M607218 davelockerby 2003-04-16T11:04:15Z https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149867#M607219 <HTML><HEAD></HEAD><BODY><P>The PIX uses subnet masks, not wildcard masks, that's why you get the address, mask doesn't pair error...</P></BODY></HTML> Wed, 16 Apr 2003 11:22:56 GMT https://community.cisco.com/t5/network-security/pix-access-list-question/m-p/149867#M607219 2gcatron 2003-04-16T11:22:56Z