Access list questions

amohammed01
Level 1

I have a PIX 515E running ver 6.3, and I want to allow my subnet of 10.13.0.0/24 network to have access to a server (10.60.0.40) that sits outside of our internal firewall. Would the following command be correct?

access-list 1 permit tcp host 10.60.0.40 host 10.13.0.0 255.255.255.0

Thank you

Amin

1 Reply

Patrick Iseli
Level 7

No, it is not.

If you do not have an access-list on the inside interface then all access from the higher level security zone (inside 100) to the lower security zone (outside 0) is permitted. So you have nothing to configure.

Do a < show access-group > to see if you have an access-list on it.

If you would like to allow access, because you have an ACL on the inside interface, then it would look like this:

access-list 1 permit ip 10.13.0.0 255.255.255.0 host 10.60.0.40

access-group 1 in interface inside

But take care: if you do not specify, after the line < access-list 1 permit ip 10.13.0.0 255.255.255.0 host 10.60.0.40 >, what other traffic will be allowed, then all other traffic will be blocked. Even if it is not shown, a < deny ip any any > follows at the end of each access-list.

Take a look at the documentation - Establishing Connectivity: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html

Sincerely

Patrick
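
The first-match behaviour and the implicit deny described in the reply can be checked offline with a small model. This is an added example, not part of either post and not Cisco code: the function names are hypothetical, it handles only the protocol and the `any` / `host` / network-plus-netmask address forms (no port operators), and the test flows are constructed.

```python
import ipaddress

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'NETWORK NETMASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse_ace(line):
    """Parse 'access-list ID permit|deny PROTO SRC DST' into a tuple."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list entry: {line!r}")
    acl_id, action, proto, rest = t[1], t[2], t[3], t[4:]
    try:
        src, dst = take_addr(rest), take_addr(rest)
    except (IndexError, ValueError) as exc:
        raise ValueError(f"bad address in {line!r}: {exc}") from None
    if rest:  # e.g. a netmask left over after 'host A.B.C.D'
        raise ValueError(f"unexpected tokens {rest} in {line!r}")
    return acl_id, action, proto, src, dst

def evaluate(aces, proto, src_ip, dst_ip):
    """Return the action of the first matching entry, else the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for _acl_id, action, ace_proto, src_net, dst_net in aces:
        if ace_proto in ("ip", proto) and src in src_net and dst in dst_net:
            return action
    return "implicit deny"  # the unshown 'deny ip any any' at the end

# The entry from the reply, as the only line of the ACL on the inside interface.
ACL = [parse_ace("access-list 1 permit ip 10.13.0.0 255.255.255.0 host 10.60.0.40")]

if __name__ == "__main__":
    # Constructed sample flows arriving on the inside interface.
    for flow in [("tcp", "10.13.0.25", "10.60.0.40"),   # subnet -> server
                 ("tcp", "10.13.0.25", "10.60.0.41"),   # subnet -> other host
                 ("udp", "10.14.0.25", "10.60.0.40")]:  # other subnet -> server
        print(flow, "->", evaluate(ACL, *flow))
    try:
        # The entry from the question: 'host' followed by a netmask.
        parse_ace("access-list 1 permit tcp host 10.60.0.40 host 10.13.0.0 255.255.255.0")
    except ValueError as exc:
        print("rejected:", exc)
```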