access list on PIX

Status
Not open for further replies.

banalas

IS-IT--Management
May 23, 2001
22
US
I was trying to allow network 20.20.10.0 to connect to my inside network.

access-list outside_access_in permit ip 20.20.10.0 mask 255.255.255.0 any

Is this correct syntax? Please help.

Thanks
 
Take out the word 'mask'.

access-list outside_access_in permit ip 20.20.10.0 255.255.255.0 any

You will also require static translations to map IP addresses (or the external interface) to internal servers.

I would be very cautious about letting an entire /24 network access any services on my network. You really should tie that down to just those that are required.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
I agree with ChrisAC, to drop the word mask.

Also, you can allow certain protocols to further tie up security. If you want to do this, we can certainly assist in showing you the proper syntax for such:

access-list <name> <action> <protocol> <source> <destination> eq <port>


Name: ACL Name.
Action: Permit or Deny
Protocol: TCP, UDP, ICMP, etc.
Source: Where the packets originate from
Destination: One of your local networks or hosts
Port: Port of traffic to allow (e.g. smtp is 25, 80)

Computer/Network Technician
CCNA
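
An added example, not part of the thread and not Cisco tooling: a small Python check for the access-list form discussed above, which rejects the stray 'mask' keyword and flags permits that are broader than they need to be. It assumes only the "any", "host <ip>" and "<network> <netmask>" address forms with an optional "eq <port>"; the function names and the address 192.0.2.25 are constructed for illustration.

```python
import ipaddress

# Template from the thread: access-list <name> <action> <protocol> <source> <destination> [eq <port>]
# Address forms handled: "any", "host <ip>", "<network> <netmask>" (other PIX operators are not).

def _take_addr(tok, i):
    """Parse one address at tok[i]; return (network, or None for 'any', and the next index)."""
    if i >= len(tok):
        raise ValueError("missing address")
    if tok[i] == "any":
        return None, i + 1
    if i + 1 >= len(tok):
        raise ValueError(f"incomplete address after {tok[i]!r}")
    if tok[i] == "host":
        return ipaddress.IPv4Network(tok[i + 1]), i + 2
    if tok[i + 1] == "mask":
        raise ValueError("stray keyword 'mask' before the netmask")
    # Raises ValueError for a short network (e.g. three octets) or set host bits.
    return ipaddress.IPv4Network(f"{tok[i]}/{tok[i + 1]}"), i + 2

def lint_acl(line):
    """Return findings for one access-list line; an empty list means nothing was flagged."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        return ["syntax: not an access-list permit/deny line"]
    try:
        src, i = _take_addr(tok, 4)
        dst, i = _take_addr(tok, i)
    except ValueError as exc:
        return [f"syntax: {exc}"]
    rest = tok[i:]
    if rest and not (len(rest) == 2 and rest[0] == "eq"):
        return ["syntax: unexpected " + " ".join(rest)]
    findings = []
    if tok[2] == "permit":
        if tok[3] == "ip":
            findings.append("broad: 'ip' matches every protocol and port")
        elif tok[3] in ("tcp", "udp") and not rest:
            findings.append("broad: no 'eq <port>' restriction")
        for name, net in (("source", src), ("destination", dst)):
            if net is None:
                findings.append(f"broad: {name} is 'any'")
    return findings

SAMPLES = [  # first line is the question's; the rest are constructed (192.0.2.25 is a placeholder)
    "access-list outside_access_in permit ip 20.20.10.0 mask 255.255.255.0 any",
    "access-list outside_access_in permit ip 20.20.10.0 255.255.255.0 any",
    "access-list outside_access_in permit tcp 20.20.10.0 255.255.255.0 host 192.0.2.25 eq smtp",
]
if __name__ == "__main__":
    print("\n".join(f"{lint_acl(s) or 'ok'} <- {s}" for s in SAMPLES))
```

The second sample parses cleanly but is still flagged on two counts, which is the concern raised in the first reply; only the third, limited to one host and one port, comes back with no findings.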
 