Task 2: Configuring Access Rules on HQ
After configuring the basic PIX Firewall parameters, you must create the access rules for the PIX Firewall at the Reston site (HQ-PIX). The access rules are necessary to enable the remote sites to connect to the Reston location while limiting access from unauthorized locations. The following steps define the access rules needed on HQ-PIX.
| Step 1. | To allow users on the outside interface access to the mail server on the demilitarized zone (DMZ) interface, enter the following commands:
access-list acl-out permit tcp any host 192.168.1.4 eq smtp
access-group acl-out in interface outside
The access-group command binds the acl-out access list command statement group to the outside interface. | | Step 2. | To allow users on the outside interface to access the web server on the DMZ interface, use the following command:
access-list acl-out permit tcp any host 192.168.1.5 eq www
| | Step 3. | To allow users on the outside interface to access the File Transfer Protocol (FTP) server on the DMZ interface, use the following command:
access-list acl-out permit tcp any host 192.168.1.6 eq ftp
|
Example 20-4 shows the access list configured on the HQ PIX.Example 20-4. Access List on the HQ PIX
access-list acl-out permit tcp any host 192.168.1.4 eq smtp
access-list acl-out permit tcp any host 192.168.1.5 eq www
access-list acl-out permit tcp any host 192.168.1.6 eq ftp
access-list acl-out permit udp any host 192.168.1.8 eq 514
access-group acl-out in interface outside
|
لطفا منتظر باشید ...
