10-26-2005 08:12 AM - edited 03-09-2019 12:50 PM
Hello,
Can anyone help me with this?
I have 1 192.168.1.0 that only needs access to external http/s browsing in two machines 192.168.1.30 and 60.
What's the most secure configuration that I can make to allow only http?
Thanks
10-26-2005 10:58 AM
access-list inside_out permit tcp host 192.168.1.30 any eq https
access-list inside_out permit tcp host 192.168.1.60 any eq https
access-list inside_out deny ip any any
access-group inside_out in interface inside
10-26-2005 03:55 PM
access-list outbound permit tcp host 192.168.1.30 any eq https
access-list outbound permit tcp host 192.168.1.60 any eq https
access-list outbound permit udp any any eq domain
access-group outbound in interface inside
The last entry "permit udp any any eq domain" is required as you need to do DNS for internet browsing. Further, by default there is an implicit deny all at the end of every ACL (i.e. optional). You would only apply this entry for troubleshooting/monitoring purposes.
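To check what the second reply's ACL lets through, the following added example (not posted by anyone in this thread) models first-match evaluation with the implicit deny. It assumes only the `host`/`any` and `eq` forms used above; the flows and destination addresses are constructed.

```python
# Added example: first-match ACL evaluation with the implicit deny at the end.
# Parses only the forms used in this thread ("host A.B.C.D", "any", "eq <port>").
PORTS = {"www": 80, "https": 443, "domain": 53}  # keyword -> port number

ACL = """\
access-list outbound permit tcp host 192.168.1.30 any eq https
access-list outbound permit tcp host 192.168.1.60 any eq https
access-list outbound permit udp any any eq domain
"""

def parse_addr(tokens):
    """Consume 'any' or 'host <ip>'; return (ip or None for any, remaining tokens)."""
    if tokens[0] == "any":
        return None, tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    raise ValueError("unsupported address form: " + tokens[0])

def parse_acl(text):
    """Turn access-list lines into (action, proto, src, dst, port) tuples, in order."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        src, rest = parse_addr(t[4:])
        dst, rest = parse_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS.get(rest[1]) or int(rest[1])
        rules.append((t[2], t[3], src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """Return (action, matching line number); line is None for the implicit deny."""
    for n, (action, r_proto, r_src, r_dst, r_port) in enumerate(rules, 1):
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dst in (None, dst) and r_port in (None, dport)):
            return action, n
    return "deny", None

if __name__ == "__main__":
    flows = [  # constructed sample flows; destinations are documentation addresses
        ("tcp", "192.168.1.30", "203.0.113.10", 443),
        ("tcp", "192.168.1.30", "203.0.113.10", 80),
        ("tcp", "192.168.1.45", "203.0.113.10", 443),
        ("udp", "192.168.1.45", "198.51.100.53", 53),
    ]
    for flow in flows:
        print(flow, "->", evaluate(parse_acl(ACL), *flow))
```

Feeding the first reply's ACL to the same functions shows its explicit `deny ip any any` line matching where the implicit deny would otherwise apply.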