access list on PIX
06-12-2006 11:27 PM - edited 02-21-2020 12:57 AM
It's a dumb question.
Every time I configure a PIX I get confused on this.
Say the PIX has 4 ports: inside, outside, dmz1 and dmz2. Every interface has an ACL applied to it.
Now if I want to allow some outside IP to access DMZ1, which ACL do I edit? Do I need to edit the ACLs of both interfaces, outside and dmz1, or just outside, or just dmz1?
Similarly for the inside interface, to allow any outside IP, which ACLs do I edit? Outside, inside or both?
Labels: Other Network Security Topics
06-13-2006 01:05 AM
How are your ACLs applied to the interfaces?
If their direction is IN (most common):
access-group outside_ACL in interface outside
access-group inside_ACL in interface inside
access-group dmz_ACL in interface dmz
So you need to change only the ACL on the interface where the communication originates.
So
to allow some outside IP to access the DMZ, change the outside ACL
to allow some DMZ IP to access the inside, change the DMZ ACL
M.
Hope that helps, rate if it does
06-13-2006 01:14 AM
Hi,
Basically, if you want to allow access to a particular segment/interface from other segments, you need to modify/work on the ACL tied to the interface where the traffic originates or where the accessing host is located.
For example, to allow access from outside to DMZ1, you need to edit/modify the ACL on the outside interface (you need to have a static NAT of your DMZ IP to a public/outside IP as well).
The same goes for controlling/allowing outside or internet users to access your inside host. You need to edit/modify your ACL applied to the outside interface.
The firewall will automatically allow the returning traffic to pass through.
Rgds,
AK
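An added, constructed example (not from either reply) showing both cases the answers describe on a PIX 6.x-style configuration; the interface names, ACL names, hosts and RFC 5737 addresses are assumptions:

```text
! Constructed example, not from the thread. Interface names, ACL names and
! addresses are assumed: 203.0.113.10 = public (outside) address,
! 192.168.10.10 = real DMZ1 web server, 192.168.1.20 = inside database host.

! Case 1: outside -> DMZ1. The DMZ1 host must first be reachable from
! outside, so give it a static translation to a public address.
static (dmz1,outside) 203.0.113.10 192.168.10.10 netmask 255.255.255.255

! Only the ACL applied inbound on the outside interface needs an entry.
! On PIX 6.x the ACL matches the translated (outside) address, not the
! real DMZ1 address, because the check happens before NAT is undone.
access-list outside_ACL permit tcp host 198.51.100.5 host 203.0.113.10 eq 443
! Anything not permitted above is dropped by the implicit deny at the end.
access-group outside_ACL in interface outside

! Case 2: DMZ1 -> inside. The inside host needs a translation visible on
! dmz1 (an identity static here), and the entry goes in the ACL applied
! inbound on dmz1, where that traffic originates.
static (inside,dmz1) 192.168.1.20 192.168.1.20 netmask 255.255.255.255
access-list dmz1_ACL permit tcp host 192.168.10.10 host 192.168.1.20 eq 1433
access-group dmz1_ACL in interface dmz1

! Return traffic for both connections is allowed by the stateful connection
! table; no entries are needed in dmz1_ACL or inside_ACL for it.
```

After applying, `show access-list outside_ACL` and `show access-list dmz1_ACL` display per-entry hit counts, which confirm that the permit lines are actually matching the traffic rather than falling through to the implicit deny.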
