bi-directional ACL same ports for outbound & inbound


  1. #1

    bi-directional ACL same ports for outbound & inbound

    I have a server in the DMZ with the IP address 192.168.101.202. I want this server to be accessible from the outside world through these ports: 809 8400, 80 (for outbound and inbound traffic).

    This is my configuration

    static (dmz, outside) 80.80.10.2 192.168.101.202 netmask 255.255.255.255 0 0

    What I did is this (for inbound traffic):

    access-list FROM_OUTSIDE_TO_DMZ permit tcp any host 80.80.10.2 eq 80
    access-list FROM_OUTSIDE_TO_DMZ permit tcp any host 80.80.10.2 eq 443
    access-list FROM_OUTSIDE_TO_DMZ permit tcp any host 80.80.10.2 eq 8200

    Do I need to configure the below as well (for the outbound traffic)?
    access-list FROM_DMZ_TO_OUTSIDE permit tcp 192.168.101.202 host 80.80.10.2 eq 80
    access-list FROM_DMZ_TO_OUTSIDE permit tcp 192.168.101.202 host 80.80.10.2 eq 443
    access-list FROM_DMZ_TO_OUTSIDE permit tcp 192.168.101.202 host 80.80.10.2 eq 8200


    access-group FROM_OUTSIDE_TO_DMZ in interface outside

    If outbound and inbound communicate on different ports, then it is obvious we have to configure access-lists in both directions, but does this apply when outbound and inbound communicate on the same ports?

    Note: fake public IP address
    Last edited by zillah; January 10th, 2007 at 03:08 PM.
