CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources] (text version)


Greg Bastien; Earl Carter; Christian Degu

  • Task 2: Configuring Access Rules on HQ


    After configuring the basic PIX Firewall parameters, you must create the access rules for the PIX Firewall at the Reston site (HQ-PIX). The access rules are necessary to enable the remote sites to connect to the Reston location while limiting access from unauthorized locations. The following steps define the access rules needed on HQ-PIX.


    Step 1.

    To allow users on the outside interface access to the mail server on the demilitarized zone (DMZ) interface, enter the following commands:


    access-list acl-out permit tcp any host 192.168.1.4 eq smtp
    access-group acl-out in interface outside

    The access-group command binds the acl-out access list to the outside interface, where it is applied to inbound traffic.

    Step 2.

    To allow users on the outside interface to access the web server on the DMZ interface, use the following command:


    access-list acl-out permit tcp any host 192.168.1.5 eq www

    Step 3.

    To allow users on the outside interface to access the File Transfer Protocol (FTP) server on the DMZ interface, use the following command:


    access-list acl-out permit tcp any host 192.168.1.6 eq ftp


    Example 20-4 shows the access list configured on the HQ PIX.

    Example 20-4. Access List on the HQ PIX



    access-list acl-out permit tcp any host 192.168.1.4 eq smtp
    access-list acl-out permit tcp any host 192.168.1.5 eq www
    access-list acl-out permit tcp any host 192.168.1.6 eq ftp
    access-list acl-out permit udp any host 192.168.1.8 eq 514
    access-group acl-out in interface outside
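
The rules in Example 20-4 can be checked offline before they are applied. The following Python sketch is an added example, not part of the book: it parses only the rule form shown in Example 20-4 and models first-match evaluation with the implicit deny that ends every PIX access list. The function names and the flows passed to `evaluate` are constructed for illustration.

```python
import ipaddress

# PIX port literals used on this page, mapped to their well-known port numbers
PORT_NAMES = {"smtp": 25, "www": 80, "ftp": 21}

# Configuration lines copied from Example 20-4
CONFIG = """\
access-list acl-out permit tcp any host 192.168.1.4 eq smtp
access-list acl-out permit tcp any host 192.168.1.5 eq www
access-list acl-out permit tcp any host 192.168.1.6 eq ftp
access-list acl-out permit udp any host 192.168.1.8 eq 514
access-group acl-out in interface outside
"""

def parse_acl(config, name):
    """Return the ordered rules of ACL `name`. Handles only the
    'ACTION PROTO any host DST eq PORT' form used in Example 20-4."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) != 9 or tok[:2] != ["access-list", name]:
            continue
        action, proto, src, host_kw, dst, eq_kw, port = tok[2:]
        if src != "any" or host_kw != "host" or eq_kw != "eq":
            raise ValueError("unsupported rule form: " + line)
        port = PORT_NAMES[port] if port in PORT_NAMES else int(port)
        rules.append((action, proto, ipaddress.ip_address(dst), port))
    return rules

def bound_interface(config, name):
    """Return the interface the ACL is applied to inbound, or None."""
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 5 and tok[:4] == ["access-group", name, "in", "interface"]:
            return tok[4]
    return None

def evaluate(rules, proto, dst, port):
    """First matching rule wins; no match falls through to the implicit deny."""
    dst = ipaddress.ip_address(dst)
    for action, r_proto, r_dst, r_port in rules:
        if (proto, dst, port) == (r_proto, r_dst, r_port):
            return action
    return "deny"

RULES = parse_acl(CONFIG, "acl-out")
```

Calling `evaluate(RULES, "tcp", "192.168.1.4", 80)` returns `"deny"`: the mail server is reachable on SMTP only, because no rule opens any other port on that host.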

