pix acl question

miketumolo
Level 1

hi,

I'm a newbie to using a PIX firewall and I have inherited a 525, and would like someone to help point me in the right direction for what my company wants. We have a web server in our DMZ that now needs to communicate with Microsoft's Active Directory protocols that are on the inside interface. I have the ports that need to be used, but I must confess I'm a bit stuck with where to go now.

Is it simply a matter of creating a new ACL from the DMZ --> inside?

Any Help would be great.

Thanks,

Mike

2 Replies

hemendoz
Cisco Employee

Hello miketumolo,

You are correct. The acl that is created will be on the dmz interface. As that traffic is permitted, the return traffic will be allowed back via the ASA so you don't have to do anything on the inside interface.

Here is what the ACL elements will look like.

access-list dmz_acl permit tcp host webserver host ADserver eq portnumber

access-group dmz_acl in interface dmz

Hope that helps! If so, please rate.

Thanks

koksm
Level 1

Be aware that because you are going from a lower security interface (DMZ) to a higher security interface (inside), you also need a static next to the ACL.

If you want to make the AD server available without NAT on the DMZ, use:

static (inside,dmz)

If you want to NAT the AD server, use:

static (inside,dmz)
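Putting the two replies together, here is an added example (not from either poster) of the full dmz -> inside setup on a PIX: the identity static that koksm describes, plus hemendoz's ACL narrowed to one source host and only the required ports. The addresses (10.1.1.10 for the web server, 192.168.1.20 for the AD server) and the port list are assumptions; substitute your own, and treat the `!` lines as comments.

```cisco
! Added example, not from the thread. Addresses, names and ports are assumed.
! inside has a higher security level than dmz, so dmz -> inside needs both a
! static (so the inside host is reachable) and an access-list (so it is permitted).

! Identity static: expose the AD server to the dmz under its real address,
! i.e. no translation. The /32 netmask limits it to that single host.
static (inside,dmz) 192.168.1.20 192.168.1.20 netmask 255.255.255.255

! Least privilege: only the web server, only to the AD server, only the ports
! it actually needs (assumed list: 389/tcp LDAP, 88/tcp+udp Kerberos,
! 53/udp DNS, 445/tcp SMB). Anything else from the dmz towards inside is
! dropped by the implicit deny at the end of the list.
access-list dmz_acl permit tcp host 10.1.1.10 host 192.168.1.20 eq 389
access-list dmz_acl permit tcp host 10.1.1.10 host 192.168.1.20 eq 88
access-list dmz_acl permit udp host 10.1.1.10 host 192.168.1.20 eq 88
access-list dmz_acl permit udp host 10.1.1.10 host 192.168.1.20 eq 53
access-list dmz_acl permit tcp host 10.1.1.10 host 192.168.1.20 eq 445

! Bind the list inbound on the dmz interface. The firewall tracks these
! connections statefully, so the reply traffic from inside comes back
! without any rule on the inside interface.
access-group dmz_acl in interface dmz

! After testing from the web server, verify the translation exists and that
! the hit counters on the intended lines are incrementing (and nothing else is).
show xlate
show access-list dmz_acl
```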
