我在思科ASA防火墙上configuration了以下规则:
access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 3306 access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 2083 access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 2087 access-list OUTSIDE_IN extended permit tcp any host xx.xx.xx.xx eq 2095 现在,当我想添加一个规则,只允许一个stream量tcp到指定的IP地址,如下图,我的规则是失败与ERROR: % Invalid Hostname
sh run access-list OUTSIDE_IN extended permit tcp ip yy.yy.yy.yy host xx.xx.xx.xx eq 10050
我究竟做错了什么? 据我所知,我的语法是错误的,但官方文件不帮助我。
这是你应该使用的:
access-list OUTSIDE_IN extended permit tcp host yy.yy.yy.yy host xx.xx.xx.xx eq 10050
例:
access-list OUTSIDE_IN extended permit tcp host 12.12.12.12 host 23.23.23.23 eq 10050