Re: PIX Access-list Problem. [7:37336]

2002-03-05 Thread Ranma

An access list on an IOS router uses a wildcard mask,

BUT a PIX access list uses normal masking.

~ be careful...

"Scott Nawalaniec" wrote in message
news:[EMAIL PROTECTED]...
> Hi Ivan,
>
> Neither access-list would work, because if you're trying to limit telnet
> access for the network 200.200.200. to network 10.10. then you would have
> this access-list:
>
> access-list 100 permit tcp 200.200.200.0 0.0.0.255 10.10.0.0 0.0.255.255 eq 23
>
> This is because access-lists use source wildcards.
>
> Scott
>
> -Original Message-
> From: Ivan [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 05, 2002 4:22 PM
> To: [EMAIL PROTECTED]
> Subject: PIX Access-list Problem. [7:37336]
>
>
> Hi all,
>
> I have a problem; can anyone give me an answer?
> Which of the following access-lists is right to allow only telnet?
>
> 1. access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0
> 255.255.0.0 23
>
> 2. access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0
> 255.255.0.0 eq 23
>
> Thank you very much.
>
> Ivan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37370&t=37336
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
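
The mask difference noted in the message above, together with the missing `eq` raised elsewhere in this thread, can be checked mechanically. The following is an added example, not part of any poster's message: a small linter run over the three access-list lines quoted in the thread. The token layout, the operator set beyond `eq`, and the restriction to contiguous masks are assumptions of this sketch.

```python
import ipaddress

# Mask convention each platform expects, as stated in the thread.
EXPECTED = {"ios": "wildcard", "pix": "netmask"}
# Port operators; the thread only shows eq, the others are assumed here.
OPERATORS = {"eq", "neq", "lt", "gt", "range"}

# The three lines quoted in the thread.
ACL_1 = "access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0 255.255.0.0 23"
ACL_2 = "access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0 255.255.0.0 eq 23"
ACL_IOS = "access-list 100 permit tcp 200.200.200.0 0.0.0.255 10.10.0.0 0.0.255.255 eq 23"

def mask_styles(mask):
    """Return the conventions a contiguous dotted mask is valid under."""
    m = int(ipaddress.IPv4Address(mask))
    inv = m ^ 0xFFFFFFFF
    styles = set()
    if inv & (inv + 1) == 0:   # ones then zeros, e.g. 255.255.255.0
        styles.add("netmask")
    if m & (m + 1) == 0:       # zeros then ones, e.g. 0.0.0.255
        styles.add("wildcard")
    return styles              # 0.0.0.0 and 255.255.255.255 fit both

def lint_acl(line, platform):
    """Flag masks in the wrong convention and a port with no operator."""
    tok = line.split()
    # Assumed layout: access-list <id> <action> <proto> <src> <mask> <dst> <mask> [op port]
    if len(tok) < 8 or tok[0] != "access-list":
        return ["unsupported line layout"]
    want = EXPECTED[platform]
    findings = []
    for role, mask in (("source", tok[5]), ("destination", tok[7])):
        if want not in mask_styles(mask):
            findings.append(f"{role} mask {mask} is not a {want}")
    if len(tok) > 8 and tok[8] not in OPERATORS:
        findings.append(f"port {tok[8]} has no operator (eq)")
    return findings

if __name__ == "__main__":
    for platform in ("pix", "ios"):
        for line in (ACL_1, ACL_2, ACL_IOS):
            print(platform, "|", line, "->", lint_acl(line, platform) or "ok")
```
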



RE: PIX Access-list Problem. [7:37336]

2002-03-05 Thread Scott Nawalaniec

Oops Ivan,

It's been a long day. I didn't see that this is for a PIX. The correct
access-list would be #2.

Scott

-Original Message-
From: Ivan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 4:22 PM
To: [EMAIL PROTECTED]
Subject: PIX Access-list Problem. [7:37336]


Hi all,

I have a problem; can anyone give me an answer?
Which of the following access-lists is right to allow only telnet?

1. access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0
255.255.0.0 23

2. access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0
255.255.0.0 eq 23

Thank you very much.

Ivan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37342&t=37336



RE: PIX Access-list Problem. [7:37336]

2002-03-05 Thread Scott Nawalaniec

Hi Ivan,

Neither access-list would work, because if you're trying to limit telnet
access for the network 200.200.200. to network 10.10. then you would have
this access-list:

access-list 100 permit tcp 200.200.200.0 0.0.0.255 10.10.0.0 0.0.255.255 eq 23

This is because access-lists use source wildcards.

Scott

-Original Message-
From: Ivan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 05, 2002 4:22 PM
To: [EMAIL PROTECTED]
Subject: PIX Access-list Problem. [7:37336]


Hi all,

I have a problem; can anyone give me an answer?
Which of the following access-lists is right to allow only telnet?

1. access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0
255.255.0.0 23

2. access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0
255.255.0.0 eq 23

Thank you very much.

Ivan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37341&t=37336



RE: PIX Access-list Problem. [7:37336]

2002-03-05 Thread Roberts, Larry

# 2.

#1 won't work as it doesn't specify the eq portion. It should (at
least on 5.2 code) generate an error.

All this is assuming that 200.200.200.0 is the correct source and 10.10.0.0
255.255.0.0 is the correct destination.




Thanks

Larry 

-Original Message-
From: Ivan [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, March 05, 2002 7:22 PM
To: [EMAIL PROTECTED]
Subject: PIX Access-list Problem. [7:37336]


Hi all,

I have a problem; can anyone give me an answer?
Which of the following access-lists is right to allow only telnet?

1. access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0
255.255.0.0 23

2. access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0
255.255.0.0 eq 23

Thank you very much.

Ivan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37340&t=37336



PIX Access-list Problem. [7:37336]

2002-03-05 Thread Ivan

Hi all,

I have a problem; can anyone give me an answer?
Which of the following access-lists is right to allow only telnet?

1. access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0
255.255.0.0 23

2. access-list 100 permit tcp 200.200.200.0 255.255.255.0 10.10.0.0
255.255.0.0 eq 23

Thank you very much.

Ivan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37336&t=37336