access list from a PIX Rookie

bwinslow
Level 1

There is a web site that users at my company need to access on port 7001. Do I have to add this port to my access-list, and does it have to be before any deny statement? i.e.

access-list user_access permit tcp any any eq 7001

Thanks

2 Replies

ross.filipek
Level 1

If the Web server your users need to access is located outside the PIX, you don't need to permit port 7001 in your access-list. The PIX maintains a table of all sessions that are initiated from the inside, and permits the return traffic even if you don't specifically permit the respective sockets in your ACL. In fact, you only need to create an ACL for sessions that will be initiated from a lower-security interface to a higher one.

Well, the web server is outside (i.e. the internet) and my users are obviously on a secure inside interface. Thank you sir!!
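The behaviour discussed in this thread, as an added example that is not part of either poster's messages: a simplified Python model of stateful filtering with security levels, showing return traffic matched against the session table and, for the ordering question, first-match ACL evaluation when an ACL is bound to the inside interface. The class, interface levels, addresses and ports other than 7001 are constructed for illustration; NAT and protocol handling are left out.

```python
# Simplified model (added example) of PIX-style stateful filtering.
# Interface names, security levels and addresses are constructed sample values.
LEVELS = {"inside": 100, "outside": 0}

class Firewall:
    def __init__(self, acls=None):
        self.acls = acls or {}      # ingress interface -> ordered ACL entries
        self.sessions = set()       # flows the firewall has already allowed

    def _acl_permits(self, acl, dport):
        # First match wins; an ACL ends with an implicit deny.
        for action, port in acl:    # port None means "any port"
            if port is None or port == dport:
                return action == "permit"
        return False

    def handle(self, in_if, out_if, src, sport, dst, dport):
        # Return traffic: the mirror image of a tracked flow skips the ACL.
        if (dst, dport, src, sport) in self.sessions:
            return "permit (existing session)"
        if in_if in self.acls:
            allowed = self._acl_permits(self.acls[in_if], dport)
        else:
            # No ACL bound: only higher-to-lower security may start a session.
            allowed = LEVELS[in_if] > LEVELS[out_if]
        if allowed:
            self.sessions.add((src, sport, dst, dport))
            return "permit (new session)"
        return "deny"

def demo():
    client, server = "10.1.1.20", "203.0.113.10"
    results = {}
    fw = Firewall()                 # no ACL on the inside interface
    results["out_no_acl"] = fw.handle("inside", "outside", client, 40000, server, 7001)
    results["reply"] = fw.handle("outside", "inside", server, 7001, client, 40000)
    results["unsolicited"] = fw.handle("outside", "inside", server, 7001, client, 40001)
    # With an ACL bound to inside, entry order decides the outcome.
    late = Firewall({"inside": [("permit", 80), ("deny", None), ("permit", 7001)]})
    results["permit_after_deny"] = late.handle("inside", "outside", client, 40000, server, 7001)
    early = Firewall({"inside": [("permit", 80), ("permit", 7001), ("deny", None)]})
    results["permit_before_deny"] = early.handle("inside", "outside", client, 40000, server, 7001)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```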
