In article <drvnik$8s8$>,
Robert <> wrote:
>I have a pix firewall in 1 remote location
>Interfaces outside and inside are Public IP addresses
>Everyone can have access to each IP (from world)
>Can I have 1 ip and let people from few networks access to 1 ip and rest
>will be accessible to everyone ?
>example
>Outside = 90.90.66.221
>Inside = 90.90.70.112 /255.255.255.40
>and to IP address 90.90.90.119 will have access only 80.80.80.11 &
>212.225.12.0/255.255.255.0

Yes. Create an access-list indicating what you want to permit, with
the "source" side (first address) being the internal IP address to
permit, and the "destination" side (second address) being the address
you want to permit access to. When you have completed the ACL,

  access-group TheACLname in interface inside

For example,

  access-list in2out permit ip host 90.90.90.119 host 80.80.80.11
  access-list in2out permit ip host 90.90.90.119 212.225.12.0 255.255.255.0
  access-list in2out deny ip host 90.90.90.119 any
  access-list in2out permit ip 90.90.70.112 255.255.255.240 any
  access-group in2out in interface inside

Warning: be sure to check first what the settings are on 90.90.90.119
for DNS resolution, mail server, WINS, patch server (Windows Update),
and time synchronization (defaults to some Microsoft addresses for
Windows 2000 and XP.)
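
Added example, not part of the original post: a small Python evaluator that applies first-match semantics to the in2out lines above, to show which flows from 90.90.90.119 the ACL drops (the case the warning about DNS and update servers is about). The test flows are constructed; 192.0.2.53 is a stand-in for an external resolver, and the parser handles only `ip` entries.

```python
import ipaddress

# ACL lines copied from the post above (PIX syntax: netmask, not wildcard).
ACL = """\
access-list in2out permit ip host 90.90.90.119 host 80.80.80.11
access-list in2out permit ip host 90.90.90.119 212.225.12.0 255.255.255.0
access-list in2out deny ip host 90.90.90.119 any
access-list in2out permit ip 90.90.70.112 255.255.255.240 any
"""

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[3] != "ip":
            continue  # this sketch handles only 'ip' entries
        action, rest = tok[2], tok[4:]
        rules.append((action, take_addr(rest), take_addr(rest), line))
    return rules

def evaluate(rules, src, dst):
    """First match wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, line in rules:
        if s in src_net and d in dst_net:
            return action, line
    return "deny", "(implicit deny at end of ACL)"

RULES = parse(ACL)

if __name__ == "__main__":
    # Constructed flows; 192.0.2.53 stands in for an external DNS resolver.
    for src, dst in [("90.90.90.119", "80.80.80.11"),
                     ("90.90.90.119", "212.225.12.77"),
                     ("90.90.90.119", "192.0.2.53"),
                     ("90.90.70.114", "192.0.2.53"),
                     ("90.90.70.130", "192.0.2.53")]:
        action, line = evaluate(RULES, src, dst)
        print(f"{src} -> {dst}: {action:6} by {line}")
```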