From: Jeffrey Theobalt (jeff@xxxxxxx)
Date: Fri May 31 2002 - 12:21:51 GMT-3
What this command is doing is allowing 206.253.221.0/24 access
to 172.206.25.32/27, which is hosts (33-62). The address (172.206.25.63
255.255.255.224) you are using is the broadcast address for that subnet, and
the command allows access to TCP ports 5631-5632.
If you want access to a specific host, use the following example:
conduit permit tcp host 172.206.25.x range 5631 5632 206.253.221.0 255.255.255.0
The <host> command in front of the IP address allows access to just that
host without the need to use a subnet mask.
However, do not use the broadcast, or you have defeated the purpose of trying
to allow access to a specific host.
Hope this helps...
-Jeff
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Elias Udechime
Sent: Thursday, May 30, 2002 3:28 PM
To: ccielab@groupstudy.com
Subject: OT: Question on PIX access
Hi all,
How can you explain these PIX configs? I have been to
CCO, but did not drill it down to IP granu sh*t
conduit permit tcp 172.206.25.63 255.255.255.224 range 5631 5632 206.253.221.0 255.255.255.0
I thought this is only permitting the entire network
206.25.21.0 access only to specific host
172.206.225.63.
For some unforeseen obvious reason, I am getting access
to more than that.
Could someone tell me what is going on?
I am thinking that this command:
route outside 0.0.0.0 172.206.225.1 (.1 is the
internal network HSRP default gateway), which is between
the Internet router.
internal---PIX-----HSRP-----InternetRouter----Internet
Thanks for your help
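
Added example (not part of either message): a Python check that applies the subnet arithmetic from the reply above to conduit statements of the shape quoted in this thread, and flags a destination whose mask opens more than the address suggests. The function name `audit_conduit` and the host 172.206.25.40 (standing in for the "x" in the reply's example) are assumptions made for this illustration.

```python
import ipaddress

def audit_conduit(line):
    """Audit one conduit of the shape quoted in this thread:
    conduit permit tcp {<ip> <mask> | host <ip>} range <lo> <hi> <src> <src_mask>
    (only this shape is handled, not the full PIX grammar)."""
    tok = line.split()
    if tok[:3] != ["conduit", "permit", "tcp"]:
        raise ValueError("unsupported statement: " + line)
    if tok[3] == "host":                      # 'host' implies a /32 mask
        ip, mask, rest = tok[4], "255.255.255.255", tok[5:]
    else:
        ip, mask, rest = tok[3], tok[4], tok[5:]
    if len(rest) != 5 or rest[0] != "range":
        raise ValueError("expected: range <lo> <hi> <src> <src_mask>")
    addr = ipaddress.ip_address(ip)
    # strict=False masks off host bits: the mask, not the address, sets the scope
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    src = ipaddress.ip_network(f"{rest[3]}/{rest[4]}", strict=False)
    if net.prefixlen >= 31:                   # no separate network/broadcast
        first, last = net.network_address, net.broadcast_address
    else:
        first, last = net.network_address + 1, net.broadcast_address - 1
    warnings = []
    if net.prefixlen < 32 and addr != net.network_address:
        warnings.append(f"{ip} has host bits set; the mask opens all of {net}")
    if net.prefixlen < 31 and addr == net.broadcast_address:
        warnings.append(f"{ip} is the broadcast address of {net}")
    return {"dst_net": net, "first_host": str(first), "last_host": str(last),
            "ports": (int(rest[1]), int(rest[2])), "src_net": src,
            "warnings": warnings}

# Constructed samples: the statement from the question, then the reply's
# 'host' form with 172.206.25.40 as a made-up stand-in for "172.206.25.x".
SAMPLES = [
    "conduit permit tcp 172.206.25.63 255.255.255.224 range 5631 5632 "
    "206.253.221.0 255.255.255.0",
    "conduit permit tcp host 172.206.25.40 range 5631 5632 "
    "206.253.221.0 255.255.255.0",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = audit_conduit(s)
        print(r["src_net"], "->", r["dst_net"], r["first_host"], "-",
              r["last_host"], "tcp", r["ports"], r["warnings"])
```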
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:12 GMT-3