I have a subnet/Access-list question.
Let's say I decide to break up an address range (10.10.1.1) into 2 subnets (255.255.255.128).
I have 2 ranges:
#1) 10.10.1.0 - 10.10.1.127
AND
#2) 10.10.1.128 - 10.10.1.255
On my Pix I want to allow full internet access to Net #1 & 1 specific IP address to Net #2.
I am correct in applying the following Access-list? Will it work?
access-list inside_access_in permit ip 10.10.1.1 255.255.255.128 any
access-list inside_access_in permit ip 10.10.1.128 255.255.255.128 host xxx.xxx.xxx.xxx (SPECIFIC IP)
access-group inside_access_in in interface inside
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
?? Do I set the Inside Pix address to 10.10.1.1 255.255.255.0 ?? or do I use a different Netmask?
If this is OK, then the second part of my problem is this...
How do I setup my internal Subnets?? Can I set the NIC netmask's to 255.255.255.0 so internally they can access the entire range of 10.10.1.0 - 10.10.1.255 ?? Or will that cause problems??
Please advise.
TIA:
Glenn
Let's say I decide to break up an address range (10.10.1.1) into 2 subnets (255.255.255.128).
I have 2 ranges:
#1) 10.10.1.0 - 10.10.1.127
AND
#2) 10.10.1.128 - 10.10.1.255
On my Pix I want to allow full internet access to Net #1 & 1 specific IP address to Net #2.
I am correct in applying the following Access-list? Will it work?
access-list inside_access_in permit ip 10.10.1.1 255.255.255.128 any
access-list inside_access_in permit ip 10.10.1.128 255.255.255.128 host xxx.xxx.xxx.xxx (SPECIFIC IP)
access-group inside_access_in in interface inside
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
?? Do I set the Inside Pix address to 10.10.1.1 255.255.255.0 ?? or do I use a different Netmask?
If this is OK, then the second part of my problem is this...
How do I setup my internal Subnets?? Can I set the NIC netmask's to 255.255.255.0 so internally they can access the entire range of 10.10.1.0 - 10.10.1.255 ?? Or will that cause problems??
Please advise.
TIA:
Glenn