PIX 525 access rule question

Chris Mickle
Level 1

Hey all,

PIX 525 UR-BUN

Ver 8.0(2)

I need to enable HTTP and HTTPS access from one inside interface to another so that the users can access OWA on the Exchange server.

It is important that I only allow the above services through the firewall. I do not want to allow all traffic to the Exchange network.

Exchange Interface:

Interface E1
192.168.0.0 255.255.255.0
Security level 100

Interface E5
192.168.4.0 255.255.255.0
Security level 100

Sorry about the easy question. I am just learning this device.

Please let me know what other info is needed to answer my question.

Thanks.

1 Reply

Jennifer Halim
Cisco Employee

Yes, you can configure an access-list on the inside interface where the users are connected:

Assuming that your user inside interface is 192.168.0.0/24, and the exchange network is 192.168.4.0/24, and assuming that your exchange server is 192.168.4.5:

access-list inside-acl permit tcp 192.168.0.0 255.255.255.0 host 192.168.4.5 eq 80
access-list inside-acl permit tcp 192.168.0.0 255.255.255.0 host 192.168.4.5 eq 443
access-list inside-acl deny ip 192.168.0.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list inside-acl permit ip 192.168.0.0 255.255.255.0 any

The first two lines allow inside users towards the Exchange server on port 80 (HTTP) and 443 (HTTPS).

The third line denies any other communication from the inside network to the Exchange network.

The fourth line allows communication from inside towards the other interfaces (e.g. outside/internet).

Hope this helps.
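The reply gives the access-list but not the two commands that make it take effect on this box: on PIX 7.x/8.x, traffic between two interfaces that are both security-level 100 is dropped until `same-security-traffic permit inter-interface` is configured, and an access-list filters nothing until it is bound with `access-group`. The following is an added example, not configuration from the original post or the reply. It follows the interface layout given in the question (Exchange on E1 192.168.0.0/24, users on E5 192.168.4.0/24; the reply assumed the reverse), and the interface names "exchange" and "users", the .1 gateway addresses, and the Exchange/OWA host 192.168.0.5 are all assumptions for illustration.

```cisco
! Added example for PIX 7.x/8.x syntax; not from the original thread.
! Assumed: nameif "exchange"/"users", gateway .1 on each subnet,
! OWA server at 192.168.0.5.

interface Ethernet1
 nameif exchange
 security-level 100
 ip address 192.168.0.1 255.255.255.0
 no shutdown
!
interface Ethernet5
 nameif users
 security-level 100
 ip address 192.168.4.1 255.255.255.0
 no shutdown
!
! Both interfaces sit at security-level 100. Without this command the PIX
! drops inter-interface traffic between equal levels before any access-list
! is consulted, so the OWA rules below would never match.
same-security-traffic permit inter-interface
!
! Access-lists are evaluated first-match, top to bottom, and end with an
! implicit "deny ip any any" once the list is applied. Keep the specific
! permits above the segment-wide deny, and keep the final permit so the
! users segment can still reach other interfaces (e.g. outside).
access-list users-acl remark OWA: only HTTP/HTTPS to the Exchange server
access-list users-acl extended permit tcp 192.168.4.0 255.255.255.0 host 192.168.0.5 eq 80
access-list users-acl extended permit tcp 192.168.4.0 255.255.255.0 host 192.168.0.5 eq 443
access-list users-acl remark Block everything else towards the Exchange segment
access-list users-acl extended deny ip 192.168.4.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list users-acl remark Other destinations (outside/internet) stay reachable
access-list users-acl extended permit ip 192.168.4.0 255.255.255.0 any
!
! Bind the list inbound on the interface the users sit on. Return traffic
! from the server rides the stateful connection, so no mirror list is
! needed on the exchange interface.
access-group users-acl in interface users
```

Two checks worth doing after applying it: `show access-list users-acl` shows a hit count per line, so a browser test to the server should increment the 443 line and a ping to the server should increment the deny line; and `packet-tracer input users tcp 192.168.4.10 1025 192.168.0.5 443` (available on PIX 7.2 and later) walks the flow through the same-security check, the access-list and NAT and reports which phase drops it. If `nat-control` is enabled on this unit (it is on boxes upgraded from 6.x), the users-to-exchange flow also needs a NAT or identity `static` entry, which the example above does not include.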
