PIX: Confused about the from / to aspect of access list syntax

Cisco's docs say:

access-list acl_name [deny | permit] protocol source source_netmask destination destination_netmask

but I'm used to seeing configs with

static(inside,outside) xx.xx.xx.41 xx.xx.xx.11 netmask 255.255.255.255

access-list outside extended permit tcp any host xx.xx.xx.41 eq www

If the 241 is the outside we are letting into a webserver, shouldn't the access list syntax use the destination (the web server) as the last IP address in its statement?

As in access-list outside extended permit tcp any host xx.xx.xx.11 eq www

?
Reply to
barret bonden

Please see my slightly earlier posting.

Reply to
Walter Roberson

access-list acl_name [deny | permit] eg. access-list outside

[deny | permit] protocol eg. permit tcp

source source_netmask eg. any

destination destination_netmask eg. host xx.xx.xx.11

eq www

"shouldn't the access list syntax use the destination (the web server) as the last IP address in its statement"

It does. It says let "any" (source) access "host xx.xx.xx.41" (the destination). What bit do you not understand?

Chris.

Reply to
chris
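
Added example, not part of any post in this thread: a small Python parser that splits an access-list line into the fields of the syntax quoted above, so the source and destination positions are explicit. It goes beyond the single line in the thread by also accepting address/netmask pairs and source-port tests; the function names are hypothetical and addresses are treated as opaque tokens because the poster redacted them.

```python
# Added example: field-by-field parser for the access-list syntax quoted in the thread.
ACTIONS = {"permit", "deny"}
PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operator -> operand count

def take_address(tokens, role):
    """Consume 'any', 'host ADDR' or 'ADDR NETMASK'; return (addr, netmask)."""
    if not tokens:
        raise ValueError(f"missing {role} address")
    head = tokens.pop(0)
    if head == "any":                      # shorthand for 0.0.0.0 0.0.0.0
        return ("0.0.0.0", "0.0.0.0")
    if not tokens:
        raise ValueError(f"incomplete {role} address")
    if head == "host":                     # shorthand for ADDR 255.255.255.255
        return (tokens.pop(0), "255.255.255.255")
    return (head, tokens.pop(0))

def take_port(tokens):
    """Consume an optional port test such as 'eq www'; return a tuple or None."""
    if not tokens or tokens[0] not in PORT_OPS:
        return None
    op = tokens.pop(0)
    count = PORT_OPS[op]
    if len(tokens) < count:
        raise ValueError(f"'{op}' needs {count} port value(s)")
    return (op, *[tokens.pop(0) for _ in range(count)])

def parse_acl(line):
    """Return the fields of one access-list line in the order the syntax defines."""
    tokens = line.split()
    if len(tokens) < 2 or tokens.pop(0) != "access-list":
        raise ValueError("not an access-list line")
    name = tokens.pop(0)
    if tokens and tokens[0] == "extended":  # optional keyword seen in the thread
        tokens.pop(0)
    if not tokens or tokens[0] not in ACTIONS:
        raise ValueError("expected permit or deny")
    action = tokens.pop(0)
    if not tokens:
        raise ValueError("missing protocol")
    protocol = tokens.pop(0)
    src, sport = take_address(tokens, "source"), take_port(tokens)
    dst, dport = take_address(tokens, "destination"), take_port(tokens)
    if tokens:                              # e.g. options this sketch does not model
        raise ValueError(f"unparsed tokens: {tokens}")
    return {"name": name, "action": action, "protocol": protocol,
            "source": src, "source_port": sport,
            "destination": dst, "destination_port": dport}

if __name__ == "__main__":
    # Line from the thread; xx.xx.xx.41 is the poster's redacted address.
    print(parse_acl("access-list outside extended permit tcp any host xx.xx.xx.41 eq www"))
```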
