Task 2: Configuring Access Rules on HQ

After configuring the basic PIX Firewall parameters, you must create the access rules for the PIX Firewall at the Reston site (HQ-PIX). The access rules are necessary to enable the remote sites to connect to the Reston location while limiting access from unauthorized locations. The following steps define the access rules needed on HQ-PIX.
Step 1. To allow users on the outside interface access to the mail server on the demilitarized zone (DMZ) interface, enter the following commands:

access-list acl-out permit tcp any host 192.168.1.4 eq smtp
access-group acl-out in interface outside

The access-group command binds the acl-out access list command statement group to the outside interface.

Step 2. To allow users on the outside interface to access the web server on the DMZ interface, use the following command:

access-list acl-out permit tcp any host 192.168.1.5 eq www

Step 3. To allow users on the outside interface to access the File Transfer Protocol (FTP) server on the DMZ interface, use the following command:

access-list acl-out permit tcp any host 192.168.1.6 eq ftp
Example 20-4 shows the access list configured on the HQ PIX.

Example 20-4. Access List on the HQ PIX

access-list acl-out permit tcp any host 192.168.1.4 eq smtp
access-list acl-out permit tcp any host 192.168.1.5 eq www
access-list acl-out permit tcp any host 192.168.1.6 eq ftp
access-list acl-out permit udp any host 192.168.1.8 eq 514
access-group acl-out in interface outside
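The point of Example 20-4 is that the outside interface only passes the four flows that are explicitly permitted and silently drops everything else, because a PIX access list ends with an implicit deny. The following Python script is an added example, not code from the book or from Cisco: it parses the subset of access-list syntax used above (any, host A.B.C.D, and eq port) into ordered entries and evaluates sample flows against them top-down, falling back to deny when nothing matches. The service-name table, the flow parameters, and the test addresses in the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges are constructed for the example; the access-group line is read but skipped, since it binds the list rather than adding an entry.

```python
"""Evaluate PIX-style access-list entries against sample flows (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed copy of the Example 20-4 configuration, used as the input text.
HQ_ACL = """
access-list acl-out permit tcp any host 192.168.1.4 eq smtp
access-list acl-out permit tcp any host 192.168.1.5 eq www
access-list acl-out permit tcp any host 192.168.1.6 eq ftp
access-list acl-out permit udp any host 192.168.1.8 eq 514
access-group acl-out in interface outside
"""

# Subset of service keywords PIX accepts in place of port numbers (assumed table).
SERVICE_PORTS = {"smtp": 25, "www": 80, "http": 80, "ftp": 21, "syslog": 514}


@dataclass(frozen=True)
class Ace:
    """One access control entry: action, protocol, source, destination, dest port."""
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp" or "ip"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]        # None means any destination port


def _parse_addr(tokens, i):
    """Consume 'any', 'host X' or 'X MASK' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network((tokens[i], tokens[i + 1]), strict=False), i + 2


def _parse_port(tok):
    """Translate a service keyword or numeric port into an integer."""
    return SERVICE_PORTS[tok] if tok in SERVICE_PORTS else int(tok)


def parse_acl(text, name):
    """Return the ordered ACEs of access-list <name>; other lines are ignored."""
    aces = []
    for raw in text.strip().splitlines():
        t = raw.split()
        if len(t) < 6 or t[0] != "access-list" or t[1] != name:
            continue  # access-group and unrelated lists are skipped
        action, proto = t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = None
        if i < len(t) and t[i] == "eq":
            dport = _parse_port(t[i + 1])
        aces.append(Ace(action, proto, src, dst, dport))
    return aces


def evaluate(aces, proto, src_ip, dst_ip, dport):
    """First matching entry decides; no match means the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in aces:
        if ace.proto not in ("ip", proto):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action
    return "deny"


if __name__ == "__main__":
    acl = parse_acl(HQ_ACL, "acl-out")
    # Constructed flows from an outside host toward the DMZ servers.
    print(evaluate(acl, "tcp", "203.0.113.10", "192.168.1.4", 25))   # mail: permit
    print(evaluate(acl, "tcp", "203.0.113.10", "192.168.1.4", 80))   # web on mail host: deny
    print(evaluate(acl, "udp", "198.51.100.7", "192.168.1.8", 514))  # syslog: permit
    print(evaluate(acl, "tcp", "198.51.100.7", "192.168.1.8", 514))  # wrong protocol: deny
```

Running the script against a production configuration is a quick way to confirm that a proposed change only opens the service it was meant to open; the last two flows show why the protocol and port both have to match before an entry applies.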