PIX: Confused about the from / to aspect of access list syntax

Discussion in 'Cisco' started by barret bonden, Sep 7, 2006.

  1. Confused about the from / to aspect of access list syntax

    Cisco's docs say :



    access-list acl_name [deny | permit] protocol source source_netmask
    destination destination_netmask



    but I'm used to seeing configs with



    static(inside,outside) xx.xx.xx.41 xx.xx.xx.11 netmask 255.255.255.255

    access-list outside extended permit tcp any host xx.xx.xx.41 eq www





    if the 241 is the outside we are letting into a webserver shouldn't the
    access list syntax use the destination (the web server) as the last ip
    address in its statement ?

    As in access-list outside extended permit tcp any host xx.xx.xx.11 eq www



    ?
    barret bonden, Sep 7, 2006
    #1

  2. In article <L3JLg.99$>,
    barret bonden <> wrote:
    >Confused about the from / to aspect of access list syntax


    >but I'm used to seeing configs with


    > static(inside,outside) xx.xx.xx.41 xx.xx.xx.11 netmask 255.255.255.255


    > access-list outside extended permit tcp any host xx.xx.xx.41 eq www


    >if the 241 is the outside we are letting into a webserver shouldn't the
    >access list syntax use the destination (the web server) as the last ip
    >address in its statement ?


    >As in access-list outside extended permit tcp any host xx.xx.xx.11 eq www


    Please see my slightly earlier posting,

    http://groups.google.ca/group/comp....read/thread/5a6f907e98e2a89f/36f859b132e5ef97
    Walter Roberson, Sep 7, 2006
    #2

  3. chris Guest

    Re: Confused about the from / to aspect of access list syntax

    "barret bonden" <> wrote in message
    news:L3JLg.99$...
    > Confused about the from / to aspect of access list syntax
    >
    > Cisco's docs say :
    >
    >
    >
    > access-list acl_name [deny | permit] protocol source source_netmask
    > destination destination_netmask
    >
    >
    >
    > but I'm used to seeing configs with
    >
    >
    >
    > static(inside,outside) xx.xx.xx.41 xx.xx.xx.11 netmask 255.255.255.255
    >
    > access-list outside extended permit tcp any host xx.xx.xx.41 eq www
    >
    >
    >
    >
    >
    > if the 241 is the outside we are letting into a webserver shouldn't the
    > access list syntax use the destination (the web server) as the last ip
    > address in its statement ?
    >
    > As in access-list outside extended permit tcp any host xx.xx.xx.11 eq www
    >


    access-list acl_name [deny | permit]
    eg. access-list outside

    [deny | permit] protocol
    eg. permit tcp

    source source_netmask
    eg. any

    destination destination_netmask
    eg. host xx.xx.xx.11

    eq www

    "shouldn't the access list syntax use the destination (the web server) as
    the last ip address in its statement"

    It does. It says let "any" (source) access "host xx.xx.xx.41" (the
    destination). What bit do you not understand?

    Chris.
    chris, Sep 7, 2006
    #3
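
The positional order chris walks through, as an added example that is not part of any post in this thread: a small Python parser for the two line forms quoted above. It labels source and destination and reports whether the ACL destination is the static's mapped or real address. The addresses 192.0.2.41 and 10.1.1.11 are constructed stand-ins for xx.xx.xx.41 and xx.xx.xx.11, and all function names are hypothetical.

```python
import re

# Constructed sample lines: 192.0.2.41 and 10.1.1.11 stand in for the
# thread's xx.xx.xx.41 and xx.xx.xx.11.
STATIC = "static (inside,outside) 192.0.2.41 10.1.1.11 netmask 255.255.255.255"
ACL_MAPPED = "access-list outside extended permit tcp any host 192.0.2.41 eq www"
ACL_REAL = "access-list outside extended permit tcp any host 10.1.1.11 eq www"

def _take_addr(tok):
    """Consume one address spec: 'any', 'host <ip>' or '<ip> <netmask>'."""
    if tok[0] == "any":
        return ("any", None), tok[1:]
    if tok[0] == "host":
        return (tok[1], "255.255.255.255"), tok[2:]
    return (tok[0], tok[1]), tok[2:]

def _take_port(tok):
    """Consume an optional port clause such as 'eq www' or 'range 1 1023'."""
    if tok and tok[0] in ("eq", "lt", "gt", "neq"):
        return " ".join(tok[:2]), tok[2:]
    if tok and tok[0] == "range":
        return " ".join(tok[:3]), tok[3:]
    return None, tok

def parse_acl(line):
    """Label the positional fields: source always precedes destination."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list":
        raise ValueError("not an access-list line")
    name, tok = tok[1], tok[2:]
    if tok[0] == "extended":
        tok = tok[1:]
    action, proto, tok = tok[0], tok[1], tok[2:]
    if action not in ("permit", "deny"):
        raise ValueError("expected permit or deny")
    src, tok = _take_addr(tok)
    src_port, tok = _take_port(tok)
    dst, tok = _take_addr(tok)
    dst_port, tok = _take_port(tok)
    return {"name": name, "action": action, "protocol": proto,
            "src": src, "src_port": src_port, "dst": dst, "dst_port": dst_port}

def parse_static(line):
    """PIX form: static (real_if,mapped_if) mapped_ip real_ip netmask mask"""
    m = re.match(r"static\s*\((\w+),(\w+)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)$", line.strip())
    if not m:
        raise ValueError("not a static line")
    return dict(zip(("real_if", "mapped_if", "mapped_ip", "real_ip", "netmask"), m.groups()))

def dst_role(acl, static):
    """Say which side of the static the ACL destination names."""
    return {static["mapped_ip"]: "mapped", static["real_ip"]: "real"}.get(acl["dst"][0], "other")
```

On a PIX, an ACL applied inbound on the outside interface is matched against the mapped address, so the rule naming xx.xx.xx.41 is the one that reports `mapped` here.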