
access list and permitting a range of ips


caswcu

Technical User
Feb 16, 2005
how do i change the following to allow anyone on 72.6.0.0/16 in

access-list UPS_Outside permit tcp host 69.248.*.* host 192.168.1.150 eq 22011
 
access-list UPS_Outside permit tcp 72.6.0.0 255.255.0.0 host 192.168.1.150 eq 22011

Computer/Network Technician
CCNA
 
lloydsev

Say I wanted to add 69.248.0.0; what would the above command look like? I tried using the one you sent and it didn't work. I have a feeling I have the wrong subnet.


OrgName: Comcast Cable Communications, Inc.
OrgID: CMCS
Address: 1800 Bishops Gate Blvd
City: Mt Laurel
StateProv: NJ
PostalCode: 08054
Country: US

NetRange: 69.240.0.0 - 69.255.255.255
CIDR: 69.240.0.0/12
NetName: JUMPSTART-4
NetHandle: NET-69-240-0-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: DNS01.JDC01.PA.COMCAST.NET
NameServer: DNS02.JDC01.PA.COMCAST.NET
Comment:
RegDate: 2004-02-11
Updated: 2005-04-15

OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail: abuse@comcast.net

OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications Inc
OrgTechPhone: +1-856-317-7200
OrgTechEmail: CNIPEO-Ip-registration@cable.comcast.com

# ARIN WHOIS database, last updated 2005-05-18 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
 
using 69.248.0.0/12 ?? or 69.248.0.0/16 ??

Using 69.248.0.0/12
access-list UPS_Outside permit tcp 69.248.0.0 255.255.240.0 host 192.168.1.150 eq 22011

Using 69.248.0.0/16
access-list UPS_Outside permit tcp 69.248.0.0 255.255.0.0 host 192.168.1.150 eq 22011

Computer/Network Technician
CCNA
 
lloydsev

This is where I'm getting confused. I'm bad with netmasks. I'm guessing their entire network is a /12 netmask, so I must use the 69.248.0.0/12, right?
 
I would call comcast and ask, just to verify with them.

If nothing else, ask them what the netmask for the network of addresses you bought is.

Computer/Network Technician
CCNA
 
lloydsev

The address I have is on a 255.255.248.0 subnet.

I used the below command but I can't connect with it:

access-list UPS_Outside permit tcp 69.248.0.0 255.255.248.0 host 192.168.1.150 eq 22011
access-group UPS_Outside in interface outside

static (inside,outside) tcp interface 22011 192.168.1.150 22011 netmask 255.255.255.255 0 0
 
ahh...

access-list UPS_Outside permit tcp 69.248.0.0 255.255.248.0 host <external IP of PIX> eq 22011

Computer/Network Technician
CCNA
 
Should have included this in the last post here..


Any Access-lists granting access to a host using a static command, must use the static assigned address instead of the private internal address, as the static address is the one the host is attempting to connect to.

Computer/Network Technician
CCNA
 
Doesn't work that way either.

I know the below works but I want it to be stricter:

access-list UPS_Outside permit tcp host 69.248.x.x any eq 22011
 
So is there a way not to use static and get it to the inside address?
 
no, you have to use the static command.

Computer/Network Technician
CCNA
 
According to I believe I should be able to do what I want?

access-list UPS_Outside permit tcp 69.248.0.0 255.255.248.0 host 65.85.a.b eq 22011
access-group UPS_Outside in interface outside

should this do it:
static (inside,outside) tcp 65.85.a.b eq 22011 192.168.1.150 eq 22011 netmask 255.255.255.255 0 0
 
that might correct the problem.. although I'd be ready to change it back quickly.

Computer/Network Technician
CCNA
 
static (inside,outside) tcp 65.85.a.b eq 22011 192.168.1.150 eq 22011 netmask 255.255.255.255 0 0

In the a and b fields I'm typing our IP. The above doesn't work.

So what exactly do I have to do to get this going?

I know the below command works but it's not secure:

access-list UPS_Outside permit tcp any any eq 22011
access-group UPS_Outside in interface outside
static (inside,outside) tcp interface 22011 192.168.1.150 22011 netmask 255.255.255.255 0 0
 
access-list UPS_Outside permit tcp 69.248.0.0 255.255.248.0 any eq 22011

That line will have the same effect as naming only one host it could connect to, as the PIX is port forwarding that one port to the one box.

Computer/Network Technician
CCNA
 
lloydsev

The below is what I entered and it doesn't work:


access-list UPS_Outside permit tcp 69.248.0.0 255.255.248.0 any eq 22011
access-group UPS_Outside in interface outside

static (inside,outside) tcp interface 22011 192.168.1.150 22011 netmask 255.255.255.255 0 0
 
And the client that is attempting to connect has an IP of 69.248.x.x and a netmask of 255.255.248.0 ??????

Computer/Network Technician
CCNA
 