
Access-list on PIX

The_guroo_2
Level 2

Guys, a very basic question. We have a PIX firewall and it has many interfaces (DMZ, ...). Now one of the interfaces is connected to a core switch 4500, and on the 4500 we have a few test servers. The link which connects from the switch to the firewall is ethernet 1, and the access list is as under:

newtest_access_in; it has security level 3.

Now the destination server is in the DMZ and has security level 9.

The requirement is that the test servers which are connected to the 4500 have to access the DMZ server on port 5500.

Suppose the test server has IP 1.1.1.1 and the DMZ server has IP 2.2.2.2.

So should the access-list be

newtest_access_in permit tcp host 2.2.2.2 host 1.1.1.1 eq 5500

or should it be

newtest_access_in permit tcp host 1.1.1.1 host 2.2.2.2 eq 5500

I am confused on source/destination.

Thanks heaps, guys.

1 Reply

Nagaraja Thanthry
Cisco Employee

Hello,

It should be

Access-list newtest_access_in permit tcp host 1.1.1.1 host 2.2.2.2 eq 5500

The format is

Access-list

You need to apply the access-list on the interface closest to the source, and it should be in the incoming direction.

Hope this helps.

Regards,

NT
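To make the source/destination point concrete, here is an added example (not code from the thread or from Cisco) that parses PIX-style `access-list NAME permit|deny PROTO SRC [eq PORT] DST [eq PORT]` lines and evaluates a flow against them with first-match-wins and the implicit deny at the end. It assumes the 6.x entry syntax shown in the thread (no `extended` keyword), only the `host`, `any` and `NET MASK` address forms, and only `eq` port matches; the two candidate entries from the question are embedded as constructed input.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    """One access-control entry in PIX 'access-list NAME permit|deny PROTO SRC [eq P] DST [eq P]' form."""
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp" or "ip" ("ip" matches any protocol)
    src: ipaddress.IPv4Network
    src_port: Optional[int]          # None means any source port
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]          # None means any destination port


def _parse_addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse an address spec at tokens[i]: 'any', 'host A.B.C.D' or 'NET MASK'."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    # PIX writes a subnet as an address followed by a dotted mask
    return ipaddress.IPv4Network(tok + "/" + tokens[i + 1], strict=False), i + 2


def _parse_port(tokens: List[str], i: int) -> Tuple[Optional[int], int]:
    """Consume an optional 'eq PORT' clause at tokens[i]."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_ace(line: str) -> Tuple[str, Ace]:
    """Return (acl_name, Ace) for one access-list line; keyword case is ignored."""
    tokens = line.strip().lower().split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    name, action, proto = tokens[1], tokens[2], tokens[3]
    if action not in ("permit", "deny"):
        raise ValueError("unknown action: " + action)
    src, i = _parse_addr(tokens, 4)
    src_port, i = _parse_port(tokens, i)   # an 'eq' right after the source is a source port
    dst, i = _parse_addr(tokens, i)
    dst_port, i = _parse_port(tokens, i)   # an 'eq' after the destination is a destination port
    return name, Ace(action, proto, src, src_port, dst, dst_port)


def permits(acl: List[Ace], proto: str, src_ip: str, dst_ip: str,
            dst_port: int, src_port: int = 40000) -> bool:
    """First matching entry wins; no match means the implicit deny at the end of every ACL."""
    s = ipaddress.IPv4Address(src_ip)
    d = ipaddress.IPv4Address(dst_ip)
    for ace in acl:
        if ace.proto not in (proto, "ip"):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.src_port is not None and ace.src_port != src_port:
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        return ace.action == "permit"
    return False


# Constructed input: the two candidate entries from the question, each as a one-line ACL.
POSTED_IN_ANSWER = [parse_ace(
    "access-list newtest_access_in permit tcp host 1.1.1.1 host 2.2.2.2 eq 5500")[1]]
REVERSED = [parse_ace(
    "access-list newtest_access_in permit tcp host 2.2.2.2 host 1.1.1.1 eq 5500")[1]]

if __name__ == "__main__":
    # The flow the poster needs: test server 1.1.1.1 opening TCP/5500 on DMZ server 2.2.2.2.
    print(permits(POSTED_IN_ANSWER, "tcp", "1.1.1.1", "2.2.2.2", 5500))  # True
    print(permits(REVERSED, "tcp", "1.1.1.1", "2.2.2.2", 5500))          # False
```

The reversed line fails because the SYN from the test server has source 1.1.1.1 and destination 2.2.2.2:5500; an entry naming 2.2.2.2 as the source never sees that packet. It is also unnecessary: the PIX is stateful, so the return packets from 2.2.2.2 back to 1.1.1.1 are allowed by the connection table without a second entry, which is why the ACL only needs to describe the initiating direction on the interface where the traffic enters.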
