CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources]

Greg Bastien; Earl Carter; Christian Degu


  • Task 2: Configuring Access Rules on HQ

    After configuring the basic PIX Firewall parameters, you must create the access rules for the PIX Firewall at the Reston site (HQ-PIX). The access rules are necessary to enable the remote sites to connect to the Reston location while limiting access from unauthorized locations. The following steps define the access rules needed on HQ-PIX.

    Step 1.

    To allow users on the outside interface to access the mail server on the demilitarized zone (DMZ) interface, enter the following commands:

     access-list acl-out permit tcp any host 192.168.1.4 eq smtp 
     access-group acl-out in interface outside 
    

    The access-group command binds the acl-out access list to the outside interface in the inbound direction, so it is evaluated against traffic arriving on that interface. Only one access list can be bound to an interface with access-group, which is why Steps 2 and 3 add entries to acl-out rather than creating new lists. Entries are matched in the order they were entered, and any inbound packet that matches no permit entry is dropped by the implicit deny at the end of the list.

    Step 2.

    To allow users on the outside interface to access the web server on the DMZ interface, use the following command:

     access-list acl-out permit tcp any host 192.168.1.5 eq www 
    

    Step 3.

    To allow users on the outside interface to access the File Transfer Protocol (FTP) server on the DMZ interface, use the following command:

     access-list acl-out permit tcp any host 192.168.1.6 eq ftp 
    

    Example 20-4 shows the complete access list configured on the HQ PIX. Note that the fourth entry, which permits UDP port 514 (syslog) to 192.168.1.8, is not produced by Steps 1 through 3 above; it is part of the consolidated configuration shown in the example.

    Example 20-4. Access List on the HQ PIX

    access-list acl-out permit tcp any host 192.168.1.4 eq smtp
    access-list acl-out permit tcp any host 192.168.1.5 eq www
    access-list acl-out permit tcp any host 192.168.1.6 eq ftp
    access-list acl-out permit udp any host 192.168.1.8 eq 514
    access-group acl-out in interface outside
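    The following Python script is an added example and is not from the certification guide or from Cisco; it models how the PIX evaluates Example 20-4 (first match wins, unmatched inbound traffic hits the implicit deny) so that the effect of the four entries can be checked against constructed sample flows before anything is typed into a production firewall. It supports only the access-list syntax that appears on this page (any, host, network/mask, eq with a named or numeric port); the 203.0.113.0/24 source addresses are documentation-range placeholders standing in for Internet hosts.

```python
"""
Model of PIX access-list evaluation for Example 20-4: first matching entry
wins, and anything that matches no entry is dropped by the implicit deny.
Added example; not code from the certification guide or from Cisco.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Well-known values of the PIX port names used in Example 20-4.
NAMED_PORTS = {"smtp": 25, "www": 80, "ftp": 21}

# The four access-list entries of Example 20-4, exactly as printed on the page.
HQ_ACL = """
access-list acl-out permit tcp any host 192.168.1.4 eq smtp
access-list acl-out permit tcp any host 192.168.1.5 eq www
access-list acl-out permit tcp any host 192.168.1.6 eq ftp
access-list acl-out permit udp any host 192.168.1.8 eq 514
"""


@dataclass
class Ace:
    """One access control entry, i.e. one access-list line."""
    action: str                   # permit | deny
    proto: str                    # tcp | udp | ip
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]          # None means any destination port


def _parse_addr(tokens, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D MASK' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_acl(config_text, name):
    """Collect the entries of access-list <name> in the order they were entered."""
    aces = []
    for line in config_text.strip().splitlines():
        t = line.split()
        if len(t) < 7 or t[0] != "access-list" or t[1] != name:
            continue
        action, proto = t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = None
        if i + 1 < len(t) and t[i] == "eq":
            dport = NAMED_PORTS.get(t[i + 1]) or int(t[i + 1])
        aces.append(Ace(action, proto, src, dst, dport))
    return aces


def evaluate(aces, proto, src_ip, dst_ip, dport):
    """Return (action, matching entry number); (deny, None) is the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for lineno, ace in enumerate(aces, start=1):
        if ace.proto not in ("ip", proto):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, lineno
    return "deny", None


# Constructed sample flows arriving inbound on the outside interface.
SAMPLE_FLOWS = [
    ("tcp", "203.0.113.10", "192.168.1.4", 25),    # SMTP to the mail server
    ("tcp", "203.0.113.10", "192.168.1.4", 80),    # HTTP to the mail server
    ("tcp", "203.0.113.20", "192.168.1.6", 21),    # FTP control channel to the FTP server
    ("udp", "203.0.113.30", "192.168.1.8", 514),   # syslog to 192.168.1.8
    ("tcp", "203.0.113.30", "192.168.1.8", 514),   # same port, wrong protocol
    ("tcp", "203.0.113.40", "192.168.1.5", 443),   # HTTPS to the web server (not permitted)
]


def check_flows(flows=SAMPLE_FLOWS, config_text=HQ_ACL, acl_name="acl-out"):
    """Evaluate each flow against the ACL; returns a list of (flow, action, entry)."""
    aces = parse_acl(config_text, acl_name)
    return [(f, *evaluate(aces, *f)) for f in flows]


if __name__ == "__main__":
    for flow, action, entry in check_flows():
        where = f"entry {entry}" if entry else "implicit deny"
        print(f"{flow[0]} {flow[1]} -> {flow[2]}:{flow[3]:<4} {action:6} ({where})")
```

Running the script shows that only the four listed protocol/host/port combinations are permitted; HTTP to the mail server, HTTPS to the web server, and TCP 514 to the syslog host all fall through to the implicit deny. Two limits of the model are worth keeping in mind: it checks a single packet's header fields and not connection state, and the FTP entry covers only the control connection on TCP 21; on a real PIX the data connections are opened by the FTP fixup (application inspection), not by this access list.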