<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Implicit rules (PIX) in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/implicit-rules-pix/m-p/763711#M980282</link>
    <description>&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I've a strange problem working with a PIX 525 ASA7.2(2) with 5 interfaces.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;2 interfaces have the implicit rule:&lt;/P&gt;&lt;P&gt;1 source:any, dest:any less secure networks, protocol:ip, action:permit.&lt;/P&gt;&lt;P&gt;2 source:any, dest:any, protocol:ip, action:deny.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The others interfaces don't have this "implicit" rules.&lt;/P&gt;&lt;P&gt;In otrder to allow the networks traffic from a more secure networks to an insecure networks I've to put a rule that allow this and negate the others.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Anybody could help me about this problem?&lt;/P&gt;&lt;P&gt;Thank you in advance!&lt;/P&gt;&lt;P&gt;Alfredo Speranza&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;</description>
    <pubDate>Mon, 11 Mar 2019 10:18:11 GMT</pubDate>
    <dc:creator>ALFREDO SPERANZA</dc:creator>
    <dc:date>2019-03-11T10:18:11Z</dc:date>
    <item>
      <title>Implicit rules (PIX)</title>
      <link>https://community.cisco.com/t5/network-security/implicit-rules-pix/m-p/763711#M980282</link>
      <description>&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I've a strange problem working with a PIX 525 ASA7.2(2) with 5 interfaces.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;2 interfaces have the implicit rule:&lt;/P&gt;&lt;P&gt;1 source:any, dest:any less secure networks, protocol:ip, action:permit.&lt;/P&gt;&lt;P&gt;2 source:any, dest:any, protocol:ip, action:deny.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The others interfaces don't have this "implicit" rules.&lt;/P&gt;&lt;P&gt;In otrder to allow the networks traffic from a more secure networks to an insecure networks I've to put a rule that allow this and negate the others.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Anybody could help me about this problem?&lt;/P&gt;&lt;P&gt;Thank you in advance!&lt;/P&gt;&lt;P&gt;Alfredo Speranza&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 11 Mar 2019 10:18:11 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/implicit-rules-pix/m-p/763711#M980282</guid>
      <dc:creator>ALFREDO SPERANZA</dc:creator>
      <dc:date>2019-03-11T10:18:11Z</dc:date>
    </item>
    <item>
      <title>Re: Implicit rules (PIX)</title>
      <link>https://community.cisco.com/t5/network-security/implicit-rules-pix/m-p/763712#M980285</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;To allow traffic from a higher security zone to a lower security zone without an ACL on the interface, make sure you do the following.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Create a NAT for the outbound traffic using a static or nat/global pair&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;ex. nat (inside) 1 192.168.1.0 255.255.255.0&lt;/P&gt;&lt;P&gt;    global (outside) 1 interface&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;ex. static (inside,outside) 1.1.1.1 192.168.1.10&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;If you have an ACL on the inside interface, you will have to allow the traffic you want to go out in addition to the above.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;If you are trying to allow traffic in from a less secure zone to a more secure zone, you must create a static and ACL for the desired comms.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;ex. static (inside,outside) 1.1.1.1 192.168.1.10&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;access-list outside_access_in extended permit tcp any host 1.1.1.1 eq smtp&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;** Please rate if this helps*&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Cheers. &lt;/P&gt;&lt;P&gt;Jay&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 22 May 2007 15:17:51 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/implicit-rules-pix/m-p/763712#M980285</guid>
      <dc:creator>jwalker</dc:creator>
      <dc:date>2007-05-22T15:17:51Z</dc:date>
    </item>
  </channel>
</rss>

