Access List question

sonitadmin · ‎08-06-2007

I have a range of about 12 IP's xx.xx.xx.99-xx.xx.xx.110 that I need to allow http access to on my Pix. Is there a command to just allow that range so I don't have to set each one up seperately?

Thanks!

srue · ‎08-06-2007

you could supernet them.

x.x.x.96/28

this will actually allow hosts x.x.x.96-x.x.x.110

http x.x.x.96 255.255.255.240 inside

or, if you meant http access *through* and not *to*...

access-list 101 permit tcp x.x.x.96 255.255.255.240 any eq 80

If this is not acceptable, you'll have to type each one in separately.

sonitadmin · ‎08-06-2007

I think I understand, but could you show me exactly how the access-list command would look?

Thanks!

oabduo983 · ‎08-06-2007

access-list 101 permit tcp x.x.x.96 255.255.255.240 any eq 80

access-group 101 in interface outside

acomiskey · ‎08-06-2007

Steve,

You need to clarify in which direction this traffic is travelling through your pix. The post directly above is most likely not right as this allows the network to any inside on port 80. I assume these are you inside ips which are going outbound on port 80 or any from outside may access them on port 80.