Open IP range on PIX 501

[violaman]

Help!
I have just migrated a client from an 800 series Cisco to a PIX 501. I need to open the pix to communicate with a stocks and shares trading program which needs inbound and outbound connections to 2 different class C ranges, eg: 208.62.64.xxx and 63.53.207.xxx.

With the 800 series I had a standard access list configured. The same command does not work on the PIX. Any ideas?

Geoff

 

[baddos]

access-list 101 permit ip host 208.62.64.xxx any
access-list 101 permit ip host 63.53.207.xxx any
access-list 101 deny ip any any log
access-group 101 in interface outside

This will allow the 208 and 63 computer access to any computer inside the firewall.

 

[violaman]

Thanks Baddos, that was a speedy repy!

I'll try that tomorrow.

 

[violaman]

I think my question was a little misleading, having read it a second time. The stocks and shares program requires all 254 address on both ranges to be opened for incoming and outgoing connection IE. 208.62.27.1-254 and 63.99.207.1.254.

Should I use the address 208.62.27.0 and 63.99.207.0 with an inverse mask? If so what is the correct syntax?

Many thanks

 

[brontosaurus]

The PIX uses a normal mask, so using baddos' example, you'd say:

access-list 101 permit ip 208.62.64.0 255.255.255.0 any
access-list 101 permit ip 63.53.207.0 255.255.255.0 any

and the rest would follow suit...