https://community.cisco.com/t5/network-security/access-rule-pix-515e/m-p/1340691#M771318 <P>I am trying to create an access rule in th e DMZ on a PIX 515E to one server in the DMZ (192.168.30.10) from two different IPs:</P><P></P><P>74.125.45.83</P><P>74.125.45.17</P><P></P><P>From these two IPs I want to permit https &amp; ping traffic only. This is where I'm running into a problem.</P><P></P><P>[code]</P><P>access-list tsb-dmz extended permit icmp host 192.168.30.10 any</P><P>access-list tsb-dmz extended permit tcp host 192.168.30.10 any eq www</P><P>access-list tsb-dmz extended permit tcp host 192.168.30.10 any object-group DM_INLINE_TCP_1</P><P>access-list tsb-dmz extended permit tcp host 192.168.30.10 host 192.168.2.19 object-group SQL1433</P><P>access-list tsb-dmz extended permit tcp object-group DM_INLINE_NETWORK_2 host 64.4.33.7 eq https</P><P>access-list tsb-dmz extended permit ip any any inactive</P><P>access-list tsb-dmz extended permit object-group DM_INLINE_SERVICE_1 host 192.168.30.10 host 192.168.2.19</P><P>access-list tsb-dmz extended permit icmp any host 64.4.33.7</P><P>[/code]</P><P></P><P>the traffic is not coming through, what do I need to do?</P> Mon, 11 Mar 2019 16:35:04 GMT epohxavrio 2019-03-11T16:35:04Z https://community.cisco.com/t5/network-security/access-rule-pix-515e/m-p/1340691#M771318 <P>I am trying to create an access rule in th e DMZ on a PIX 515E to one server in the DMZ (192.168.30.10) from two different IPs:</P><P></P><P>74.125.45.83</P><P>74.125.45.17</P><P></P><P>From these two IPs I want to permit https &amp; ping traffic only. This is where I'm running into a problem.</P><P></P><P>[code]</P><P>access-list tsb-dmz extended permit icmp host 192.168.30.10 any</P><P>access-list tsb-dmz extended permit tcp host 192.168.30.10 any eq www</P><P>access-list tsb-dmz extended permit tcp host 192.168.30.10 any object-group DM_INLINE_TCP_1</P><P>access-list tsb-dmz extended permit tcp host 192.168.30.10 host 192.168.2.19 object-group SQL1433</P><P>access-list tsb-dmz extended permit tcp object-group DM_INLINE_NETWORK_2 host 64.4.33.7 eq https</P><P>access-list tsb-dmz extended permit ip any any inactive</P><P>access-list tsb-dmz extended permit object-group DM_INLINE_SERVICE_1 host 192.168.30.10 host 192.168.2.19</P><P>access-list tsb-dmz extended permit icmp any host 64.4.33.7</P><P>[/code]</P><P></P><P>the traffic is not coming through, what do I need to do?</P> Mon, 11 Mar 2019 16:35:04 GMT https://community.cisco.com/t5/network-security/access-rule-pix-515e/m-p/1340691#M771318 epohxavrio 2019-03-11T16:35:04Z https://community.cisco.com/t5/network-security/access-rule-pix-515e/m-p/1340692#M771363 <HTML><HEAD></HEAD><BODY><P>What are the global ip addresses for the server?</P><P>Are the users going to be coming from the outside?</P><P>The you need to manipulate the outside ACL anbd maybe change the translation isd the sevrer is not translated.</P><P></P><P>You will need something like</P><P></P><P>access-l outside-acl permit tcp h 74.125.45.83 h <SERVER global="" ip=""> eq 443</SERVER></P><P>access-l outside-acl permit tcp h 74.125.45.17 h <SERVER global="" ip=""> eq 443</SERVER></P><P>access-l outside-acl permit icmp h 74.125.45.83 h <SERVER global="" ip=""> </SERVER></P><P>access-l outside-acl permit icmp h 74.125.45.17 h <SERVER global="" ip=""></SERVER></P><P>static (dmz,outside) <SERVER global="" ip=""> 192.168.30.10 </SERVER></P><P></P><P>I hope it helps.</P><P></P><P>PK</P><P></P><P></P></BODY></HTML> Sat, 31 Oct 2009 17:43:27 GMT https://community.cisco.com/t5/network-security/access-rule-pix-515e/m-p/1340692#M771363 Panos Kampanakis 2009-10-31T17:43:27Z https://community.cisco.com/t5/network-security/access-rule-pix-515e/m-p/1340693#M771399 <HTML><HEAD></HEAD><BODY><P>I'll try this</P><P></P><P>Thanks</P></BODY></HTML> Sat, 31 Oct 2009 20:07:38 GMT https://community.cisco.com/t5/network-security/access-rule-pix-515e/m-p/1340693#M771399 epohxavrio 2009-10-31T20:07:38Z