in addition...do not forget your static lines (if traffic is inbound)... =)

Craig Columbus wrote:

The pix can easily do this. Use one line for each outside address that you want the inside client to access. You don't say what port you're contacting on the outside, but you should also limit contact by port. For example:

access-list 101 permit tcp host 192.168.1.1 host 1.1.1.1 eq www
access-list 101 permit tcp host 192.168.1.1 host 1.1.1.2 eq www
access-list 101 permit tcp host 192.168.1.1 host 1.1.1.3 eq www
access-list 101 deny ip host 192.168.1.1 any

Hope this helps. However, I recommend that you have your pix config reviewed by a security guru to verify that you haven't accidentally opened your network up.

Craig

At 12:45 PM 1/17/2002 -0500, you wrote:
>I have a Pix 515 running ver. 6.1. I have a host that will be made available
>to the public for a web-enabled product demonstration. Parts of the product
>are NOT located on my internal network, so host needs to cross the firewall
>to function properly. Can I add a line to my access list that will allow
>this particular host access ONLY to two or three different IP addresses, and
>deny it access to the rest of the www? Could someone give me a little help
>with the syntax? Would it be something like this:
>
>access-list 101 permit ip 255.255.0.0 255.255.255.0
>
>Can I put all the addresses that I want to allow the host to access in one
>line? Do I need 3 separate lines? Should I put a deny statement at the end?
>Will this even work? Am I high? Just kidding, thanks in advance.
>
>Kris.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32435&t=32320
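An added example, not part of the thread or of any Cisco tooling: a small Python first-match evaluator for the four-entry ACL quoted in Craig's reply, useful for checking what the list permits before a config review. The function names (`parse`, `evaluate`) are hypothetical, the parser handles only the `host A`, `any` and `eq PORT` forms used here, and it assumes the standard implicit deny at the end of an access list.

```python
import ipaddress

# The ACL from the reply in this thread, one entry per line.
ACL = """\
access-list 101 permit tcp host 192.168.1.1 host 1.1.1.1 eq www
access-list 101 permit tcp host 192.168.1.1 host 1.1.1.2 eq www
access-list 101 permit tcp host 192.168.1.1 host 1.1.1.3 eq www
access-list 101 deny ip host 192.168.1.1 any
"""

PORT_NAMES = {"www": 80}  # only the port keyword used in this thread

def _addr(tokens):
    """Consume 'host A' or 'any' from the token list; return a network."""
    kind = tokens.pop(0)
    if kind == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if kind == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {kind}")

def parse(text):
    """Turn access-list lines into (action, proto, src, dst, port) tuples."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] != "access-list" or t[2] not in ("permit", "deny"):
            raise ValueError(f"not an ACL entry: {line}")
        action, proto, rest = t[2], t[3], t[4:]
        src, dst = _addr(rest), _addr(rest)
        port = None
        if rest:
            if rest[0] != "eq" or len(rest) != 2:
                raise ValueError(f"unsupported port clause: {line}")
            name = rest[1]
            port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, r_proto, r_src, r_dst, r_port) in enumerate(rules, 1):
        if r_proto not in ("ip", proto):
            continue
        if s not in r_src or d not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, n
    return "deny", None  # implicit deny: no entry matched
```

`evaluate` returns the action and the 1-based entry that matched, or `None` for the implicit deny. A different inside host, such as the constructed address 192.168.1.2, matches no entry and is dropped by that implicit deny once the list is bound to the interface.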