Hello everyone, please help me. I want to create 3 sections: INSIDE, OUTSIDE and DMZ. With OUTSIDE it is possible to ping and access services in the DMZ. INSIDE also does the same thing, and it has the addition of being able to ping OUTSIDE (8.8.8.8). Only INSIDE can ping OUTSIDE, not the reverse (OUTSIDE cannot ping INSIDE). I used the following methods, rules like:
access-list DMZ-ACCESS extended permit icmp any any
access-list DMZ-ACCESS extended permit tcp any any eq www
access-list DMZ-ACCESS extended permit tcp any any eq 8080
access-list DMZ-ACCESS extended permit tcp any any eq domain
access-list DMZ-ACCESS extended permit udp any any eq domain
access-list DMZ-ACCESS extended permit udp any any eq bootps
access-list DMZ-ACCESS extended permit udp any any eq bootpc
access-list INTERNET-ACCESS extended permit icmp any any
access-list INTERNET-ACCESS extended permit tcp any any eq domain
access-list INTERNET-ACCESS extended permit udp any any eq domain
access-list INTERNET-ACCESS extended permit tcp any any eq www
access-list INTERNET-ACCESS extended permit tcp any any eq 8080
access-list INTERNET-ACCESS extended permit tcp any any
access-list IN-DMZ extended permit tcp any any
access-list IN-DMZ extended permit udp any any
access-group DMZ-ACCESS in interface DMZ
access-group IN-DMZ out interface INSIDE
access-group INTERNET-ACCESS in interface OUTSIDE
I have applied the above rules, but web access to the DMZ is not possible. And what I don't want is for OUTSIDE to be able to access INSIDE. So please help me, everyone.
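
A small lint for the ACLs posted above, as an added example that is not part of the original post: it parses the access-list and access-group lines and lists the rules broad enough to conflict with the stated goal that OUTSIDE must not reach INSIDE. The function name `audit` and the treatment of OUTSIDE as the only untrusted interface are assumptions; NAT, security levels and inspection are not modelled.

```python
import re

# ACL and access-group lines copied from the post so the script runs offline.
CONFIG = """\
access-list DMZ-ACCESS extended permit icmp any any
access-list DMZ-ACCESS extended permit tcp any any eq www
access-list DMZ-ACCESS extended permit tcp any any eq 8080
access-list DMZ-ACCESS extended permit tcp any any eq domain
access-list DMZ-ACCESS extended permit udp any any eq domain
access-list DMZ-ACCESS extended permit udp any any eq bootps
access-list DMZ-ACCESS extended permit udp any any eq bootpc
access-list INTERNET-ACCESS extended permit icmp any any
access-list INTERNET-ACCESS extended permit tcp any any eq domain
access-list INTERNET-ACCESS extended permit udp any any eq domain
access-list INTERNET-ACCESS extended permit tcp any any eq www
access-list INTERNET-ACCESS extended permit tcp any any eq 8080
access-list INTERNET-ACCESS extended permit tcp any any
access-list IN-DMZ extended permit tcp any any
access-list IN-DMZ extended permit udp any any
access-group DMZ-ACCESS in interface DMZ
access-group IN-DMZ out interface INSIDE
access-group INTERNET-ACCESS in interface OUTSIDE
"""

ACE = re.compile(r"access-list (\S+) extended (permit|deny) (\S+) any any(?: eq (\S+))?$")
GRP = re.compile(r"access-group (\S+) (in|out) interface (\S+)$")


def audit(config, untrusted=("OUTSIDE",)):
    """List over-broad permits; assumes only the `untrusted` interfaces face the internet."""
    aces, findings = {}, []
    for line in config.splitlines():
        if (m := ACE.match(line.strip())) and m[2] == "permit":
            aces.setdefault(m[1], []).append((m[3], m[4]))
    # Walk the interface bindings in config order and report broad ACEs on each.
    for line in config.splitlines():
        if not (m := GRP.match(line.strip())):
            continue
        acl, direction, iface = m.groups()
        for proto, port in aces.get(acl, []):
            if port is None and proto in ("ip", "tcp", "udp"):
                findings.append((iface, direction, acl, f"{proto} any any, all ports"))
            elif proto == "icmp" and direction == "in" and iface in untrusted:
                findings.append((iface, direction, acl, "icmp any any from untrusted side"))
    return findings


if __name__ == "__main__":
    for f in audit(CONFIG):
        print(*f, sep=" | ")
```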