11-07-2007 06:41 AM - edited 02-20-2020 09:39 PM
I want to tighten my access-lists so that only certain clients can see certain host.
I am running on a PIX 515 ver 7.1(2).4
My current access list is
access-list 111 extended permit ip 10.10.128.0 255.255.255.0 192.9.20.0 255.255.255.0
What I want to do is only allow users on the 192.9.20.0 network to access a server at 10.10.128.33 for the telnet application. I also want one user from the 10.10.128.0 network to access servers on the 192.9.20.0 network.
I put in the following two access-lists
access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0
access-list 111 extended permit tcp host 10.10.128.33 192.9.20.0 255.255.255.0 eq telnet
Problem is that I can not connect to the 10.10.128.33 server via telnet anymore from the 192.9.20.0 network.
Also, even though I can still RDC into a server on the 192.9.20.0 network from the 10.10.128.0 network, it continuously drops the connection and then reestablishes. This never happened with the previous access-list.
Any help is appreciated.
Thanks.
11-07-2007 07:35 AM
Hi
The telnet line in your access-list needs changing
access-list 111 extended permit tcp 192.9.20.0 255.255.255.0 host 10.10.128.33 eq telnet
HTH
Jon
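As an added illustration (not part of the thread or of any PIX code), a small Python first-match evaluator for the access-list entries above: it shows why the poster's telnet line, written with the server as source, never matches a session that a 192.9.20.0 client initiates, while Jon's corrected line does. The parser, the flow tuples and the sample client address are constructed here.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed helper: parses the subset of PIX 7.x syntax used in this thread,
# "access-list <id> extended permit <proto> <src> <dst> [eq <port>]", where an
# address is either "host A.B.C.D" or "A.B.C.D MASK" (a subnet mask, not a wildcard).
PORTS = {"telnet": 23}

@dataclass
class Ace:
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]

def _addr(tokens):
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_ace(line: str) -> Ace:
    tok = line.split()
    assert tok[0] == "access-list" and tok[2:4] == ["extended", "permit"]
    src, rest = _addr(tok[5:])
    dst, rest = _addr(rest)
    dport = None
    if rest[:1] == ["eq"]:
        dport = PORTS.get(rest[1]) or int(rest[1])
    return Ace(tok[4], src, dst, dport)

def permitted(acl, src, dst, proto, dport) -> bool:
    """First matching entry wins; traffic no entry permits is dropped.
    Only the initiating direction needs an entry: the PIX tracks the
    connection and allows the reply packets through its state table."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if ipaddress.ip_address(src) not in ace.src or ipaddress.ip_address(dst) not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return True
    return False

POSTED = [parse_ace(l) for l in (
    "access-list 111 extended permit ip host 10.10.128.183 192.9.20.0 255.255.255.0",
    "access-list 111 extended permit tcp host 10.10.128.33 192.9.20.0 255.255.255.0 eq telnet",
)]
FIXED = [POSTED[0], parse_ace(
    "access-list 111 extended permit tcp 192.9.20.0 255.255.255.0 host 10.10.128.33 eq telnet")]

if __name__ == "__main__":
    flow = ("192.9.20.5", "10.10.128.33", "tcp", 23)   # constructed client -> server telnet
    print("posted ACL permits telnet:", permitted(POSTED, *flow))   # False
    print("fixed ACL permits telnet: ", permitted(FIXED, *flow))    # True
```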
11-07-2007 08:59 AM
Hi Jon,
Thanks but this access-list didn't work either.
Just so you know the PIX is on the 10.10.128.0 network and the 192.9.20.0 is a remote network that is using a VPN tunnel to connect.
Any other thoughts.
Thanks.
11-08-2007 12:05 PM
Anyone have any ideas on this?
Thanks.
11-08-2007 12:13 PM
Sorry, I missed your original reply.
Can you post configs if you have them for both ends of the VPN tunnel?
Jon