Firewall – How do I add a line to a PIX firewall's access list

Tags: access-control-list, cisco-pix, command, command-line-interface, firewall

I need to open a port on a PIX 515.

Please can someone explain what I should be entering including the commands.

For the purposes of the explanation (so I can understand it) I've given the different elements the following IPs:

Destination IP that the workstation on my network will be contacting: XXX.XXX.XXX.XXX

The workstation on my network: YYY.YYY.YYY.YYY

PIX IP: ZZZ.ZZZ.ZZZ.ZZZ

Port = PPPPP

I have logged onto the PIX via Hyperterminal.

Thanks for your help.

Best Answer

So the first thing you are going to want to do is figure out the name of the ACL attached to your inside interface. You can do this by issuing sh run access-group; you'll get output like the below:

PIX# access-group outside_access_in in interface outside
PIX# access-group Wireless_access_in in interface Wireless
PIX# access-group inside_access_in in interface inside

You want the second field - that is the ACL name. So in the above example, to add an allowed port on the inside interface of my firewall I need the ACL named "inside_access_in".

To modify the ACL you would issue:

PIX# access-list inside_access_in extended permit tcp host YYY.YYY.YYY.YYY host XXX.XXX.XXX.XXX eq PPPPP
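As an added example, not part of the question or the answer above, the following Python helper carries out the two steps the answer describes against captured PIX output: it pulls the ACL name out of the second field of the `show run access-group` line for the chosen interface, checks `show run access-list` so an identical entry is not pushed twice, and builds the single-host, single-port permit line. The sample output embedded in it is constructed, not taken from a real device. It assumes the PIX 7.x-style `extended` syntax shown in the answer and the `access-list NAME line N ...` form for inserting an entry at a given position; both are assumptions about the software release, so confirm them on your own unit. Two things the answer leaves implicit: `access-list` is a global configuration command, so it has to be entered after `configure terminal`, and new entries are appended to the end of the ACL, so if the list already ends in an explicit `deny ip any any` an appended permit never matches and must be inserted in front of it.

```python
"""Plan a one-line permit addition to a PIX ACL from captured show output.

Constructed example; not from the original post. The device output below is
made up to resemble `show run access-group` / `show run access-list` on a
PIX 7.x-style configuration (an assumption; check your own release).
"""
import re

# Constructed sample of `show run access-group` output.
SAMPLE_ACCESS_GROUP = """\
access-group outside_access_in in interface outside
access-group Wireless_access_in in interface Wireless
access-group inside_access_in in interface inside
"""

# Constructed sample of `show run access-list` output. The inside ACL ends
# with an explicit catch-all deny, which is the case where simply appending
# a permit would leave it unreachable.
SAMPLE_ACCESS_LIST = """\
access-list outside_access_in extended deny ip any any
access-list inside_access_in extended permit tcp host 192.0.2.10 host 198.51.100.5 eq 443
access-list inside_access_in extended deny ip any any
"""

# access-group <acl-name> <in|out> interface <ifname>
ACCESS_GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")


def acl_for_interface(access_group_output, interface, direction="in"):
    """Return the ACL name (second field) bound to `interface`, or None."""
    for line in access_group_output.splitlines():
        m = ACCESS_GROUP_RE.match(line.strip())
        if m and m.group(3) == interface and m.group(2) == direction:
            return m.group(1)
    return None


def aces(access_list_output, acl):
    """Entries of one ACL in configured order, which is the evaluation order."""
    prefix = f"access-list {acl} "
    return [l.strip() for l in access_list_output.splitlines()
            if l.strip().startswith(prefix)]


def permit_entry(acl, src, dst, port, proto="tcp", line_no=None):
    """Host-to-host, single-port permit; `line N` (assumed syntax) sets position."""
    pos = f"line {line_no} " if line_no else ""
    return f"access-list {acl} {pos}extended permit {proto} host {src} host {dst} eq {port}"


def catch_all_deny_position(entries):
    """1-based position of the first `deny ip any any`, or None if absent."""
    for i, entry in enumerate(entries, start=1):
        if re.search(r"\bdeny\s+ip\s+any\s+any$", entry):
            return i
    return None


def plan_change(access_group_output, access_list_output, interface, src, dst, port):
    """Return (acl_name, commands). Commands is empty when the entry exists."""
    acl = acl_for_interface(access_group_output, interface)
    if acl is None:
        raise ValueError(f"no inbound ACL bound to interface {interface!r}")
    entries = aces(access_list_output, acl)
    if permit_entry(acl, src, dst, port) in entries:
        return acl, []  # already permitted; nothing to push
    # Insert ahead of an explicit catch-all deny, otherwise append.
    entry = permit_entry(acl, src, dst, port, line_no=catch_all_deny_position(entries))
    return acl, ["configure terminal", entry, f"show access-list {acl}", "write memory"]


if __name__ == "__main__":
    acl, cmds = plan_change(SAMPLE_ACCESS_GROUP, SAMPLE_ACCESS_LIST,
                            "inside", "192.0.2.10", "198.51.100.5", 8443)
    print(f"ACL on inside: {acl}")
    for c in cmds:
        print(c)
```

Run it with the two captures pasted in place of the samples; the printed commands are what you would type at the console, and the trailing `show access-list` lets you confirm the new entry sits where you expect before `write memory` saves it.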