Velocity Reviews - Computer Hardware Reviews

PIX: Confused about the from / to aspect of access list syntax

 
 
barret bonden
Guest
Posts: n/a
 
      09-06-2006
Confused about the from / to aspect of access list syntax

Cisco's docs say:



access-list acl_name [deny | permit] protocol source source_netmask
destination destination_netmask



but I'm used to seeing configs with



static(inside,outside) xx.xx.xx.41 xx.xx.xx.11 netmask 255.255.255.255

access-list outside extended permit tcp any host xx.xx.xx.41 eq www





If the 241 is the outside we are letting into a webserver, shouldn't the
access list syntax use the destination (the web server) as the last IP
address in its statement?

As in access-list outside extended permit tcp any host xx.xx.xx.11 eq www



?




 
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      09-07-2006
In article <L3JLg.99$>,
barret bonden <> wrote:
>Confused about the from / to aspect of access list syntax


>but I'm used to seeing configs with


> static(inside,outside) xx.xx.xx.41 xx.xx.xx.11 netmask 255.255.255.255


> access-list outside extended permit tcp any host xx.xx.xx.41 eq www


>If the 241 is the outside we are letting into a webserver, shouldn't the
>access list syntax use the destination (the web server) as the last IP
>address in its statement?


>As in access-list outside extended permit tcp any host xx.xx.xx.11 eq www


Please see my slightly earlier posting,

http://groups.google.ca/group/comp.d...f859b132e5ef97
 
 
 
 
 
chris
Guest
Posts: n/a
 
      09-07-2006

"barret bonden" <> wrote in message
news:L3JLg.99$...
> Confused about the from / to aspect of access list syntax
>
> Cisco's docs say:
>
>
>
> access-list acl_name [deny | permit] protocol source source_netmask
> destination destination_netmask
>
>
>
> but I'm used to seeing configs with
>
>
>
> static(inside,outside) xx.xx.xx.41 xx.xx.xx.11 netmask 255.255.255.255
>
> access-list outside extended permit tcp any host xx.xx.xx.41 eq www
>
>
>
>
>
> If the 241 is the outside we are letting into a webserver, shouldn't the
> access list syntax use the destination (the web server) as the last IP
> address in its statement?
>
> As in access-list outside extended permit tcp any host xx.xx.xx.11 eq www
>


access-list acl_name [deny | permit]
e.g. access-list outside

[deny | permit] protocol
e.g. permit tcp

source source_netmask
e.g. any

destination destination_netmask
e.g. host xx.xx.xx.11

eq www

"shouldn't the access list syntax use the destination (the web server) as
the last IP address in its statement"

It does. It says let "any" (source) access "host xx.xx.xx.41" (the
destination). What bit do you not understand?

Chris.
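
Added example, not part of any post in this thread: a small Python parser that splits the access-list lines discussed above into source and destination and compares the destination with the static entry. It assumes the PIX behaviour that an ACL applied inbound on the outside interface sees the packet before translation, so the destination it must name is the mapped address; 192.0.2.41 and 192.0.2.11 are constructed stand-ins for xx.xx.xx.41 and xx.xx.xx.11, and all function names are hypothetical.

```python
# Added example; addresses are constructed stand-ins, function names hypothetical.
import re

def take_addr(tokens):
    """Consume one address spec: 'any', 'host IP', or 'IP NETMASK'."""
    if tokens[0] == "any":
        return ("any", None), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "255.255.255.255"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_acl(line):
    """access-list NAME [extended] ACTION PROTO SOURCE DEST [eq PORT]"""
    t = line.split()
    if t[0] != "access-list" or len(t) < 6:
        raise ValueError("not an access-list line: " + line)
    rest = t[2:]
    if rest[0] == "extended":          # keyword used in the thread's config
        rest = rest[1:]
    action, proto, rest = rest[0], rest[1], rest[2:]
    src, rest = take_addr(rest)        # first address spec is the source
    dst, rest = take_addr(rest)        # second address spec is the destination
    port = rest[1] if len(rest) >= 2 and rest[0] == "eq" else None
    return {"name": t[1], "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}

def parse_static(line):
    """static (real_if,mapped_if) MAPPED_IP REAL_IP netmask MASK"""
    m = re.match(r"static\s*\((\w+),(\w+)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)", line)
    if not m:
        raise ValueError("not a static line: " + line)
    return {"real_if": m[1], "mapped_if": m[2], "mapped": m[3], "real": m[4]}

def dst_role(acl, static):
    """Say which side of the static entry the ACL destination names."""
    ip = acl["dst"][0]
    return "mapped" if ip == static["mapped"] else "real" if ip == static["real"] else "unrelated"

# Constructed copies of the thread's lines with stand-in addresses.
STATIC = "static(inside,outside) 192.0.2.41 192.0.2.11 netmask 255.255.255.255"
AS_CONFIGURED = "access-list outside extended permit tcp any host 192.0.2.41 eq www"
AS_PROPOSED = "access-list outside extended permit tcp any host 192.0.2.11 eq www"

if __name__ == "__main__":
    for line in (AS_CONFIGURED, AS_PROPOSED):
        print(line, "->", dst_role(parse_acl(line), parse_static(STATIC)))
```

In both lines the source is "any" and the host address is the destination; the two lines differ only in whether that destination is the mapped or the real address of the static.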







 
 
 
 