Hello all I have a question
I have a pix firewall in 1 remote location Interfaces outside and inside are Pblic IP addressess Everyone can have access to each IP (from world) Can i have 1 ip and let people from few networks access to 1 ip and rest will be accessible to everyone ? example Outside = 90.90.66.221 Inside = 90.90.70.112 /255.255.255.40
and to IP address 90.90.90.119 will have access only 80.80.80.11 &
212.225.12.0/255.255.255.0Robert
Yes. Create an access-list indicating what you want to permit, with the "source" side (first address) being the internal IP address to permit, and the "destination" side (second address) being the address you want to permit access to. When you have completed the ACL,
access-group TheACLname in interface inside
For example,
access-list in2out permit ip host 90.90.90.119 host 80.80.80.11 access-list in2out permit ip host 90.90.90.119 212.225.12.0 255.255.255.0 access-list in2out deny ip host 90.90.90.119 any access-list in2out permit ip 90.90.70.112 255.255.255.240 any
access-group in2out in interface inside
Warning: be sure to check first what the settings are on 90.90.90.119 for DNS resolution, mail server, WINS, patch server (Windows Update), and time synchronization (defaults to some microsoft addresses for Windows 2000 and XP.)
Perfect like alays Thank you walter
Robert
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.