https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873526#M958995 <P>Hello All,</P><P>I have a PIX 506e v6.3. I need to provide outside access to port 80 and port 3389 on one inside client and access to port 1433 on another client. I've come up with access lists something like this: (12.12.12.12 is the outside interface on the pix and 24.24.24.24 is a remote location I want to have access)</P><P></P><P>access-list 110 permit tcp host 192.168.99.95 host 12.12.12.12 eq www</P><P>access-list 110 permit tcp host 192.168.99.94 host 12.12.12.12 eq 1433</P><P>access-list 110 permit tcp host 192.168.99.95 host 24.24.24.24 eq 3389</P><P></P><P>access-group 110 in interface outside</P><P></P><P>static (inside,outside) 12.12.12.12 192.168.99.95 netmask 255.255.255.255</P><P>static (inside,outside) 12.12.12.12 192.168.99.94 netmask 255.255.255.255</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 11:41:55 GMT ed-rucker 2019-03-11T11:41:55Z https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873526#M958995 <P>Hello All,</P><P>I have a PIX 506e v6.3. I need to provide outside access to port 80 and port 3389 on one inside client and access to port 1433 on another client. I've come up with access lists something like this: (12.12.12.12 is the outside interface on the pix and 24.24.24.24 is a remote location I want to have access)</P><P></P><P>access-list 110 permit tcp host 192.168.99.95 host 12.12.12.12 eq www</P><P>access-list 110 permit tcp host 192.168.99.94 host 12.12.12.12 eq 1433</P><P>access-list 110 permit tcp host 192.168.99.95 host 24.24.24.24 eq 3389</P><P></P><P>access-group 110 in interface outside</P><P></P><P>static (inside,outside) 12.12.12.12 192.168.99.95 netmask 255.255.255.255</P><P>static (inside,outside) 12.12.12.12 192.168.99.94 netmask 255.255.255.255</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 11:41:55 GMT https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873526#M958995 ed-rucker 2019-03-11T11:41:55Z https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873527#M958996 <HTML><HEAD></HEAD><BODY><P>Do you want a remote location (24.24.24.24) to access your inside client (12.12.12.12)?</P><P>If you want to access remote location (24.24.24.24) from inside client (12.12.12.12) you dont need ACLs, if your default config is not flitered with inside_access_in</P></BODY></HTML> Tue, 11 Dec 2007 09:58:06 GMT https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873527#M958996 Alan Huseyin Kayahan 2007-12-11T09:58:06Z https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873528#M958998 <HTML><HEAD></HEAD><BODY><P>12.12.12.12 is the outside interface on the pix.</P><P></P><P></P></BODY></HTML> Tue, 11 Dec 2007 10:31:22 GMT https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873528#M958998 ed-rucker 2007-12-11T10:31:22Z https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873529#M958999 <HTML><HEAD></HEAD><BODY><P>Would you please rephrase your situation by using "from" and "to"</P><P>btw you cant one-to-one map 1 IP to two hosts</P><P>static (inside,outside) 12.12.12.12 192.168.99.95 netmask 255.255.255.255 </P><P>static (inside,outside) 12.12.12.12 192.168.99.94 netmask 255.255.255.255 </P><P>And you cant map interface IP like that. I will start posting as I correctly understand the issue.</P><P></P><P>Regards</P></BODY></HTML> Tue, 11 Dec 2007 11:05:41 GMT https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873529#M958999 Alan Huseyin Kayahan 2007-12-11T11:05:41Z https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873530#M959002 <HTML><HEAD></HEAD><BODY><P>ok</P><P></P><P>I need to go from outside any to inside 192.168.99.95 eq www</P><P></P><P>I need to go from outside any to inside 192.168.99.94 eq 1433</P><P></P><P>and last from outside 24.24.24.24 to inside 192.168.99.95 eq 3389</P><P></P><P>thanks</P><P></P><P></P></BODY></HTML> Tue, 11 Dec 2007 11:14:21 GMT https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873530#M959002 ed-rucker 2007-12-11T11:14:21Z https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873531#M959004 <HTML><HEAD></HEAD><BODY><P>Hi Ed</P><P>Here is what you need</P><P></P><P></P><P>static (inside,outside) tcp interface www 192.168.99.95 www netmask 255.255.255.255 </P><P>static (inside,outside) tcp interface 3389 192.168.99.95 3389 netmask 255.255.255.255 </P><P>static (inside,outside) tcp interface 1433 192.168.99.94 1433 netmask 255.255.255.255 </P><P></P><P>access-list outside_access_in permit tcp any interface outside eq www</P><P>access-list outside_access_in permit tcp any interface outside eq 1433</P><P>access-list outside_access_in permit tcp host 24.24.24.24 interface outside eq 3389</P><P>access-group outside_access_in in interface outside</P><P></P><P>Regards</P></BODY></HTML> Tue, 11 Dec 2007 12:35:09 GMT https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873531#M959004 Alan Huseyin Kayahan 2007-12-11T12:35:09Z https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873532#M959007 <HTML><HEAD></HEAD><BODY><P>Thank You, Thank You, Thank You, You are most Excelante'! - Ed</P></BODY></HTML> Tue, 11 Dec 2007 14:03:35 GMT https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873532#M959007 ed-rucker 2007-12-11T14:03:35Z https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873533#M959009 <HTML><HEAD></HEAD><BODY><P>You are welcome</P></BODY></HTML> Tue, 11 Dec 2007 14:06:29 GMT https://community.cisco.com/t5/network-security/acl-help-on-pix-506e/m-p/873533#M959009 Alan Huseyin Kayahan 2007-12-11T14:06:29Z