IP/VC 3510 MCU with the IP address of 209.165.201.30, port 2720 will need to be opened.
Use the following guidelines for specifying a source, local, or destination address:
-Use a 32-bit quantity in four-part, dotted-decimal format.
-Use the keyword any as an abbreviation for an address and mask of 0.0.0.0
0.0.0.0.This keyword is normally not recommended for use with IPSec. -Use host address as an abbreviation for a mask of 255.255.255.255.
Use the following guidelines for specifying a network mask:
-Do not specify a mask if the address is for a host; if the destination address is for a host, use the host parameter before the address; for example:
access-list acl_out permit tcp any host 192.168.1.1
-If the address is a network address, specify the mask as a 32-bit quantity in four- part, dotted-decimal format. Place zeros in the bit positions you want to ignore.
-Remember that you specify a network mask differently than with the Cisco IOS software access-listcommand. With PIX Firewall, use 255.0.0.0 for a Class A address, 255.255.0.0 for a Class B address, and 255.255.255.0 for a Class C address. If you are using a subnetted network address, use the appropriate network mask; for example:
access-list acl_out permit tcp any 209.165.201.0 255.255.255.224
Access-group command
In order to make sure that the access list is applied to a specific interface, the access- group command needs to be entered. The command syntax for this command is as follows:
access-group acl_ID in interface interface_name
In the configuration from Table XX, the access-group is applied to the outside interface in this manner:
access-group acl_out in interface outside
The access-groupcommand binds an access list to an interface. The access list is applied to traffic inbound to an interface. If you enter the permit option in an access-listcommand statement, the PIX Firewall continues to process the packet. If you enter the