PIX 501 access to specific IP question

Discussion in 'Cisco' started by Robert, Feb 3, 2006.

  1. Robert

    Robert Guest

    Hello all
    I have a question

    I have a pix firewall in 1 remote location
    Interfaces outside and inside are Pblic IP addressess
    Everyone can have access to each IP (from world)
    Can i have 1 ip and let people from few networks access to 1 ip and rest
    will be accessible to everyone ?
    example
    Outside = 90.90.66.221
    Inside = 90.90.70.112 /255.255.255.40

    and to IP address 90.90.90.119 will have access only 80.80.80.11 &
    212.225.12.0/255.255.255.0


    Robert
    Robert, Feb 3, 2006
    #1
    1. Advertising

  2. In article <drvnik$8s8$>,
    Robert <> wrote:
    >I have a pix firewall in 1 remote location
    >Interfaces outside and inside are Pblic IP addressess
    >Everyone can have access to each IP (from world)
    >Can i have 1 ip and let people from few networks access to 1 ip and rest
    >will be accessible to everyone ?
    >example
    >Outside = 90.90.66.221
    >Inside = 90.90.70.112 /255.255.255.40


    >and to IP address 90.90.90.119 will have access only 80.80.80.11 &
    >212.225.12.0/255.255.255.0


    Yes. Create an access-list indicating what you want to permit, with
    the "source" side (first address) being the internal IP address to
    permit, and the "destination" side (second address) being the address
    you want to permit access to. When you have completed the ACL,

    access-group TheACLname in interface inside

    For example,

    access-list in2out permit ip host 90.90.90.119 host 80.80.80.11
    access-list in2out permit ip host 90.90.90.119 212.225.12.0 255.255.255.0
    access-list in2out deny ip host 90.90.90.119 any
    access-list in2out permit ip 90.90.70.112 255.255.255.240 any

    access-group in2out in interface inside


    Warning: be sure to check first what the settings are on 90.90.90.119
    for DNS resolution, mail server, WINS, patch server (Windows Update),
    and time synchronization (defaults to some microsoft addresses for
    Windows 2000 and XP.)
    Walter Roberson, Feb 3, 2006
    #2
    1. Advertising

  3. Robert

    Robert Guest

    "Walter Roberson" <> wrote in message
    news:G%LEf.542219$ki.175143@pd7tw2no...
    > In article <drvnik$8s8$>,
    > Robert <> wrote:
    >>I have a pix firewall in 1 remote location
    >>Interfaces outside and inside are Pblic IP addressess
    >>Everyone can have access to each IP (from world)
    >>Can i have 1 ip and let people from few networks access to 1 ip and rest
    >>will be accessible to everyone ?
    >>example
    >>Outside = 90.90.66.221
    >>Inside = 90.90.70.112 /255.255.255.40

    >
    >>and to IP address 90.90.90.119 will have access only 80.80.80.11 &
    >>212.225.12.0/255.255.255.0

    >
    > Yes. Create an access-list indicating what you want to permit, with
    > the "source" side (first address) being the internal IP address to
    > permit, and the "destination" side (second address) being the address
    > you want to permit access to. When you have completed the ACL,
    >
    > access-group TheACLname in interface inside
    >
    > For example,
    >
    > access-list in2out permit ip host 90.90.90.119 host 80.80.80.11
    > access-list in2out permit ip host 90.90.90.119 212.225.12.0 255.255.255.0
    > access-list in2out deny ip host 90.90.90.119 any
    > access-list in2out permit ip 90.90.70.112 255.255.255.240 any
    >
    > access-group in2out in interface inside
    >
    >
    > Warning: be sure to check first what the settings are on 90.90.90.119
    > for DNS resolution, mail server, WINS, patch server (Windows Update),
    > and time synchronization (defaults to some microsoft addresses for
    > Windows 2000 and XP.)


    Perfect like alays
    Thank you walter

    Robert
    Robert, Feb 3, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. mh
    Replies:
    6
    Views:
    555
    Roger L
    May 10, 2004
  2. Andre
    Replies:
    7
    Views:
    696
    Andre
    Feb 20, 2005
  3. mimiseh
    Replies:
    3
    Views:
    844
  4. John Mason Jr
    Replies:
    0
    Views:
    475
    John Mason Jr
    Jan 24, 2006
  5. Walter Roberson
    Replies:
    1
    Views:
    448
    John Mason Jr
    Jan 25, 2006
Loading...

Share This Page