Port Range question on Access-list

jeff
Level 1

We have a PIX 515 with FOS v6.3. Below is an access list on the PIX. I would like to do a port range of 20 - 21 but when I try to use a range I keep getting an error. Can a port range be used with this type of access list?

access-list outside-in permit tcp any object-group DMZ_ftp eq 20-21

Thanks for any help.

Jeff

2 Replies

tvanginneken
Level 4

Hi,

You could create an object-group for the two TCP ports that you need, add port range 20 to 21 to this object-group, and use the object-group in the access-list:

object-group service my-group tcp
  port-object range 20 21

If the rule is for allowing FTP traffic through the PIX, you only need to allow the control port (tcp/21, or use the 'ftp' keyword) and the PIX will automatically/dynamically allow port tcp/20 for the data channel. Make sure that 'fixup protocol ftp' is defined in the config of the PIX to make this work.

Regards,

Tom
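A complete working form of the approach Tom describes, as an added example that is not part of the original thread. It uses PIX 6.3 syntax; DMZ_ftp is the poster's own group name, while the service group name ftp_ports, the interface name outside, and the DMZ host addresses are assumptions (the addresses are constructed RFC 1918 placeholders). Lines beginning with "!" are commentary, not PIX commands.

```text
! Added example, not from the original thread (PIX 6.3 syntax).
! Network group of the DMZ FTP servers (constructed placeholder addresses)
object-group network DMZ_ftp
  network-object host 192.168.10.10
  network-object host 192.168.10.11

! Service group covering tcp/20-21, the form Tom suggests instead of "eq 20-21"
object-group service ftp_ports tcp
  port-object range 20 21

! Option A: permit the whole range through the service group
access-list outside-in remark FTP to DMZ servers via service group
access-list outside-in permit tcp any object-group DMZ_ftp object-group ftp_ports

! Option B (least privilege): permit only the control channel and let the
! FTP fixup open the tcp/20 data connections dynamically
access-list outside-in remark FTP control channel only; data channel opened by fixup
access-list outside-in permit tcp any object-group DMZ_ftp eq ftp

! Needed for Option B (and for correct handling of active/passive data channels)
fixup protocol ftp 21

! Apply the ACL inbound on the outside interface
access-group outside-in in interface outside
```

Use one option, not both. Option A statically exposes tcp/20 on the servers to any outside host, whereas Option B exposes only tcp/21 and relies on the fixup to track each data channel, so Option B is the tighter choice when the fixup is enabled.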

Thanks for the reply.

This access list is being used for outside ftp access to servers on the DMZ. I created a network group object of servers which should have ftp access to them. By creating the network group I can use the group to specify ftp access to them with the one access list statement.

Thanks.

Jeff