TCC_2

Core issue

Need to configure an access list on the DMZ interface.

Resolution

Create an access list on the DMZ interface that allows a single host on the DMZ to access a single host on the inside on port 25, but also allows all other DMZ hosts to browse out to the Internet.

For example, assume that the DMZ subnet is 192.168.1.0/24 and the inside subnet is 10.10.10.0/24. Host 192.168.1.9 on the DMZ needs to access host 10.10.10.11 on the inside on port 25. Given these addresses, the following commands would be entered.

access-list DMZ permit tcp host 192.168.1.9 host 10.10.10.11 eq 25
access-list DMZ deny ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list DMZ permit tcp any any eq 80

!--- Note: There is an implicit deny ip any any at the end of any access list.
access-group DMZ in interface DMZ

For more information about entering access lists in the PIX, see Controlling Network Access and Use.
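The order of the entries matters because the access list is evaluated top down and the first matching entry decides the packet. The following Python sketch is an added example, not Cisco code or part of the original document: it models the three entries above with first-match semantics (the third entry as a TCP port 80 permit) and runs constructed sample flows through them. The function names and the external addresses (203.0.113.x) are assumptions made for illustration.

```python
import ipaddress

# The DMZ access list as (action, protocol, source, destination, dest_port).
# "any" is written as 0.0.0.0/0; a dest_port of None means no port match.
DMZ_ACL = [
    ("permit", "tcp", "192.168.1.9/32", "10.10.10.11/32", 25),
    ("deny",   "ip",  "192.168.1.0/24", "10.10.10.0/24",  None),
    ("permit", "tcp", "0.0.0.0/0",      "0.0.0.0/0",      80),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number); entry 0 is the implicit deny ip any any."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, ace_proto, ace_src, ace_dst, ace_port) in enumerate(acl, 1):
        if ace_proto != "ip" and ace_proto != proto:
            continue  # protocol keyword "ip" matches every IP protocol
        if src_ip not in ipaddress.ip_network(ace_src):
            continue
        if dst_ip not in ipaddress.ip_network(ace_dst):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action, n  # first match wins; later entries are never consulted
    return "deny", 0

# Constructed sample flows: (protocol, source, destination, destination port).
SAMPLE_FLOWS = [
    ("tcp", "192.168.1.9",  "10.10.10.11",  25),   # the one allowed mail flow
    ("tcp", "192.168.1.9",  "10.10.10.11",  80),   # same hosts, other port
    ("tcp", "192.168.1.20", "10.10.10.11",  25),   # other DMZ host to inside
    ("tcp", "192.168.1.20", "203.0.113.10", 80),   # DMZ host browsing out
    ("tcp", "192.168.1.20", "203.0.113.10", 443),  # not covered by any permit
    ("udp", "192.168.1.20", "203.0.113.53", 53),   # not covered by any permit
]

def run(acl=DMZ_ACL):
    return [evaluate(acl, *flow) for flow in SAMPLE_FLOWS]

def misordered():
    """Deny entered first: it shadows the host-specific permit for port 25."""
    return [DMZ_ACL[1], DMZ_ACL[0], DMZ_ACL[2]]

if __name__ == "__main__":
    for flow, result in zip(SAMPLE_FLOWS, run()):
        print(flow, "->", result)
    print("misordered:", evaluate(misordered(), *SAMPLE_FLOWS[0]))
```

The last two sample flows fall through to the implicit deny, which shows that the list as written passes only TCP port 80 toward the Internet.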
