sevendcruz
IS-IT--Management
topology
PIX > internet2
|
10.10.0.0
|
router > pix > internet
|
192.168.0.0
The Exchage server is on the 10.10 subnet and the only way I've been able to get access to it from the 192.168.0.0 is to open is to use a wildcard. access-list 101 permit ip host 192.168.1.5 any access-list 101 permit ip host 192.168.1.6 any.
Am I missing something like eq domain?
Thnaks
ip subnet-zero
ip host gatekeeper 192.168.1.1
ip host Switch2 192.168.1.21
ip host Switch1 192.168.1.20
!
!
!
!
interface Ethernet0/0
description Ethernet interface supporting LHHRP Network
ip address 192.168.1.10 255.255.255.0
no ip directed-broadcast
full-duplex
!
interface Ethernet0/1
ip address 10.10.1.3 255.255.0.0
ip access-group 101 out
no ip directed-broadcast
ip accounting access-violations
full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
!
access-list 101 permit ip host 192.168.1.5 any
access-list 101 permit ip host 192.168.1.6 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.10.5.21
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.10.5.41
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 10.10.5.6 eq www
access-list 101 permit tcp any any established
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.10.5.5
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.10.5.2
line con 0
transport input none
line aux 0
line vty 0 4
password
login
!
no scheduler allocate
end
PIX > internet2
|
10.10.0.0
|
router > pix > internet
|
192.168.0.0
The Exchage server is on the 10.10 subnet and the only way I've been able to get access to it from the 192.168.0.0 is to open is to use a wildcard. access-list 101 permit ip host 192.168.1.5 any access-list 101 permit ip host 192.168.1.6 any.
Am I missing something like eq domain?
Thnaks
ip subnet-zero
ip host gatekeeper 192.168.1.1
ip host Switch2 192.168.1.21
ip host Switch1 192.168.1.20
!
!
!
!
interface Ethernet0/0
description Ethernet interface supporting LHHRP Network
ip address 192.168.1.10 255.255.255.0
no ip directed-broadcast
full-duplex
!
interface Ethernet0/1
ip address 10.10.1.3 255.255.0.0
ip access-group 101 out
no ip directed-broadcast
ip accounting access-violations
full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
!
access-list 101 permit ip host 192.168.1.5 any
access-list 101 permit ip host 192.168.1.6 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.10.5.21
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.10.5.41
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 10.10.5.6 eq www
access-list 101 permit tcp any any established
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.10.5.5
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.10.5.2
line con 0
transport input none
line aux 0
line vty 0 4
password
login
!
no scheduler allocate
end