PIX: Confused about the from / to aspect of access list syntax

Discussion in 'Cisco' started by barret bonden, Sep 7, 2006.

  1. Confused about the from / to aspect of access list syntax

    Cisco's docs say:

    access-list acl_name [deny | permit] protocol source source_netmask destination destination_netmask



    but I'm used to seeing configs with



    static(inside,outside) xx.xx.xx.41 xx.xx.xx.11 netmask 255.255.255.255

    access-list outside extended permit tcp any host xx.xx.xx.41 eq www





    If the 241 is the outside we are letting into a webserver, shouldn't the
    access list syntax use the destination (the web server) as the last IP
    address in its statement?

    As in access-list outside extended permit tcp any host xx.xx.xx.11 eq www ?
     
    barret bonden, Sep 7, 2006
    #1

  2. Please see my slightly earlier posting,

    http://groups.google.ca/group/comp....read/thread/5a6f907e98e2a89f/36f859b132e5ef97
     
    Walter Roberson, Sep 7, 2006
    #2

  3. barret bonden

    chris Guest

    access-list acl_name [deny | permit]
    eg. access-list outside

    [deny | permit] protocol
    eg. permit tcp

    source source_netmask
    eg. any

    destination destination_netmask
    eg. host xx.xx.xx.11

    eq www

    "shouldn't the access list syntax use the destination (the web server) as
    the last IP address in its statement"

    It does. It says let "any" (source) access "host xx.xx.xx.41" (the
    destination). What bit do you not understand?

    Chris.
     
    chris, Sep 7, 2006
    #3
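
The field order walked through in the reply above, as an added Python example that is not part of the original thread: it labels the source and destination of an access-list line and reports whether the destination is the mapped or the real address of a static entry. The function names are assumptions of this example, and it assumes the PIX form `static (real_if,mapped_if) mapped_ip real_ip`.

```python
# Added example, not from the thread. Addresses stay opaque tokens, so "xx.xx.xx.41" works.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> argument count

def _take_address(tokens):
    """Consume 'any', 'host ADDR' or 'ADDR MASK'; return (spec, remaining tokens)."""
    if tokens[:1] == ["any"]:
        return "any", tokens[1:]
    if len(tokens) < 2:
        raise ValueError("incomplete address specification")
    return " ".join(tokens[:2]), tokens[2:]

def _take_port(tokens):
    """Consume an optional 'operator port' clause; return (clause or None, remaining)."""
    if tokens and tokens[0] in PORT_OPS:
        n = 1 + PORT_OPS[tokens[0]]
        if len(tokens) < n:
            raise ValueError("incomplete port clause")
        return " ".join(tokens[:n]), tokens[n:]
    return None, tokens

def parse_acl(line):
    """Split an access-list line into named fields; source always precedes destination."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list":
        raise ValueError("not an access-list line")
    name, rest = tokens[1], tokens[2:]
    if rest[0] == "extended":            # keyword used in the thread's config
        rest = rest[1:]
    if len(rest) < 2 or rest[0] not in ("permit", "deny"):
        raise ValueError("expected permit or deny")
    action, protocol, rest = rest[0], rest[1], rest[2:]
    source, rest = _take_address(rest)
    source_port, rest = _take_port(rest)
    destination, rest = _take_address(rest)
    dest_port, rest = _take_port(rest)
    return {"name": name, "action": action, "protocol": protocol, "source": source,
            "source_port": source_port, "destination": destination, "dest_port": dest_port}

def static_addresses(line):
    """'static (real_if,mapped_if) mapped_ip real_ip ...' -> the two addresses."""
    tokens = line.replace("static(", "static (", 1).split()
    if len(tokens) < 4 or tokens[0] != "static":
        raise ValueError("not a static line")
    return {"mapped": tokens[2], "real": tokens[3]}

def destination_role(acl, static):
    """Which address of the static ('mapped' or 'real') the ACL destination names."""
    addr = acl["destination"].replace("host ", "", 1).split()[0]
    return next((role for role, ip in static.items() if ip == addr), None)
```

Run on the two lines quoted in the first post, `destination_role` returns `"mapped"` for the ACL ending in `.41` and `"real"` for the alternative ending in `.11`.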