access range ? Via object group ?

Discussion in 'Cisco' started by barret bonden, Sep 24, 2004.

  1. I have to open up a series of port numbers for a proprietary app server; I
    suppose I could do something like

    access-list dmz permit tcp any host 192.168.2.149 10000
    access-list dmz permit tcp any host 192.168.2.149 10001
    access-list dmz permit tcp any host 192.168.2.149 10002
    etc...

    or
    access-list dmz permit tcp any host 192.168.2.149 range 10000 10005

    but I've never seen range in any of my books ... do I have the syntax right
    ? Cisco does cite it here but I'm always cynical ...
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1067755

    could one also use an object group ? Would it be a service ? as in

    object group service mightwork tcp
    port-object range 10000 10005

    and then
    access-list dmz permit tcp any host 192.168.2.149 object-group mightwork

    ?????
     
    barret bonden, Sep 24, 2004
    #1

  2. In article <>,
    barret bonden <> wrote:
    :I have to open up a series of port numbers for a proprietary app server; I
    :suppose I could do something like

    :access-list dmz permit tcp any host 192.168.2.149 10000
    :access-list dmz permit tcp any host 192.168.2.149 10001

    No, you would need 'eq' before the port numbers.

    :or
    :access-list dmz permit tcp any host 192.168.2.149 range 10000 10005

    That should work.

    :but I've never seen range in any of my books ... do I have the syntax right
    :? Cisco does cite it here but I'm always cynical ...

    Using a port range on PIX works. Or go ahead and use an object group
    if you want: that would give you the flexibility to later use
    non-contiguous ranges.
    --
    Pity the poor electron, floating around minding its own business for
    billions of years; and then suddenly Bam!! -- annihilated just so
    you could read this posting.
     
    Walter Roberson, Sep 24, 2004
    #2
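
An added example, not part of either post: a small Python audit that expands the `eq`, `range` and `object-group` forms discussed above into the exact set of TCP ports each entry opens, and flags entries with a bare port number. The group name `app-ports`, the extra port 10010 and the restriction to the `permit tcp any host <ip>` shape are assumptions made for the example.

```python
import re

# Constructed sample in the thread's syntax; group name and port 10010 are illustrative.
SAMPLE = """\
object-group service app-ports tcp
  port-object range 10000 10005
  port-object eq 10010
access-list dmz permit tcp any host 192.168.2.149 eq 10000
access-list dmz permit tcp any host 192.168.2.149 range 10000 10005
access-list dmz permit tcp any host 192.168.2.149 object-group app-ports
access-list dmz permit tcp any host 192.168.2.149 10001
"""

# Assumption: only the entry shape used in the thread is parsed.
ACL = re.compile(r"access-list (\S+) permit tcp any host (\S+)(.*)")

def ports_of(tokens, groups):
    """Return the set of ports a port specification covers, or None if invalid."""
    if not tokens:                        # no port given: every TCP port
        return set(range(65536))
    op, args = tokens[0], tokens[1:]
    if op == "object-group" and len(args) == 1:
        return groups.get(args[0])        # None when the group is not defined yet
    if not all(a.isdigit() for a in args):
        return None                       # named services are out of scope here
    nums = [int(a) for a in args]
    if op == "eq" and len(nums) == 1:
        return {nums[0]}
    if op == "range" and len(nums) == 2 and nums[0] <= nums[1]:
        return set(range(nums[0], nums[1] + 1))
    return None                           # e.g. a bare port with no 'eq'

def audit(config):
    """Return ([(host, sorted ports)], [rejected lines]) for a config snippet."""
    groups, current, opened, rejected = {}, None, [], []
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["object-group", "service"] and len(t) >= 3:
            current = groups.setdefault(t[2], set())
        elif t[:1] == ["port-object"] and current is not None and len(t) > 1:
            current |= ports_of(t[1:], {}) or set()
        elif (m := ACL.fullmatch(line.strip())):
            current = None                # an ACL entry ends any group definition
            ports = ports_of(m.group(3).split(), groups)
            if ports is None:
                rejected.append(line.strip())
            else:
                opened.append((m.group(2), sorted(ports)))
    return opened, rejected
```

Running `audit(SAMPLE)` shows the object-group entry exposing 10010 in addition to the contiguous range, which is the non-contiguous case the reply mentions.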