Pix ACL

From: Kevin.Keay@kellogg.com
Date: Wed Mar 24 2004 - 15:52:07 GMT-3

• Next message: Peter van Oene: "Re: Ospf question."
• Previous message: Joseph D. Phillips: "OSPF auto-cost reference-bandwidth calc"
• Next in thread: Moffat, Ed: "RE: Pix ACL"
• Maybe reply: Moffat, Ed: "RE: Pix ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

All,

I haven't worked with PIX's very much and had just been handed one that
needs to be config'd asap.

I have a simple basic question. I would like to allow traffic from a lower
security DMZ to my Inside network, but need to apply an ACL restricting some
traffic. My question is where should I apply the access list? Should it be
applied to inbound traffic on the lower security DMZ interface or as an
outbound access list on the Inside interface? My guess is traffic gets
dropped at the higher security interface, which is where the acl should be
applied (outbound acl on Inside in this case)

DMZ security 8 ------------> inbound acl here?-->- PIX -->outbound acl
here?->-------- Inside security 100

Thx in advance

kevin

• Next message: Peter van Oene: "Re: Ospf question."
• Previous message: Joseph D. Phillips: "OSPF auto-cost reference-bandwidth calc"
• Next in thread: Moffat, Ed: "RE: Pix ACL"
• Maybe reply: Moffat, Ed: "RE: Pix ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:46 GMT-3