From: Craig King (cking007@xxxxxxxxxxx)
Date: Fri May 31 2002 - 11:54:04 GMT-3
The conduit you've written allows access to a range of IPs (likely
172.206.25.33 through 172.206.25.63) because of the inclusion of a net &
netmask. If you want to allow access to only .63, you need to write a
conduit that only applies to the host.

conduit permit tcp host 172.206.25.63 range 5631 5632 206.253.221.0 255.255.255.0

HTH,
CK

>From: Elias Udechime <euchime@yahoo.com>
>Reply-To: Elias Udechime <euchime@yahoo.com>
>To: ccielab@groupstudy.com
>Subject: OT: Question on PIX access
>Date: Thu, 30 May 2002 15:28:19 -0700 (PDT)
>
>Hi all,
>
>How can you explain these PIX configs? I have been to
>CCO, but did not drill it down to IP granu sh*t
>
>conduit permit tcp 172.206.25.63 255.255.255.224 range
>5631 5632 206.253.221.0 255.255.255.0
>
>I thought this is only permitting the entire network
>206.25.21.0 access only to specific host
>172.206.225.63.
>
>For some unforeseen obvious reason, I am getting access
>to more than that.
>
>Could someone tell me what is going on?
>
>I am thinking that this command:
>route outside 0.0.0.0 172.206.225.1 (.1 is the
>internal network HSRP default gateway) which is between
>the Internet router.
>
>internal---PIX-----HSRP-----InternetRouter----Internet
>
>
>Thanks for your help
>
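
Added example, not part of the original posts: a small Python check that parses the two conduit lines from this thread and reports which inside addresses each one opens. It handles only the "conduit permit PROTO <global> range LO HI <foreign>" form seen here, and it assumes the address and mask pair is matched as a masked block; the function names are made up for this illustration.

```python
import ipaddress

def take_addr(tokens):
    """Consume 'host A' or 'A MASK'; return (network, remaining tokens)."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # strict=False drops host bits, so A/MASK becomes the block the mask selects
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_conduit(line):
    """Parse 'conduit permit PROTO <global> [range LO HI] <foreign>'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[:2] != ["conduit", "permit"]:
        raise ValueError("not a 'conduit permit' line")
    proto, rest = tokens[2], tokens[3:]
    global_net, rest = take_addr(rest)
    ports = None
    if rest and rest[0] == "range":
        ports, rest = (int(rest[1]), int(rest[2])), rest[3:]
    foreign_net, rest = take_addr(rest)
    if rest:
        raise ValueError(f"unparsed tokens: {rest}")
    return {"proto": proto, "global": global_net, "ports": ports, "foreign": foreign_net}

def exposure(line):
    """Return (first, last, count) of inside addresses the conduit opens."""
    net = parse_conduit(line)["global"]
    return str(net[0]), str(net[-1]), net.num_addresses

# Both lines are taken from the thread, joined onto one line each.
POSTED = ("conduit permit tcp 172.206.25.63 255.255.255.224 "
          "range 5631 5632 206.253.221.0 255.255.255.0")
HOST_ONLY = ("conduit permit tcp host 172.206.25.63 "
             "range 5631 5632 206.253.221.0 255.255.255.0")

if __name__ == "__main__":
    for label, line in (("posted", POSTED), ("host form", HOST_ONLY)):
        rule = parse_conduit(line)
        first, last, count = exposure(line)
        print(f"{label}: {rule['proto']} ports {rule['ports']} from {rule['foreign']} "
              f"-> {first}..{last} ({count} address(es))")
```

Running the same check over every conduit in a saved configuration is a quick way to spot rules where a mask was typed in place of the host keyword.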
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:12 GMT-3