RE: Pix ACL

From: Moffat, Ed (EMoffat@fsci.com)
Date: Wed Mar 24 2004 - 16:15:16 GMT-3


The only place you can control this (currently) is inbound on the lower
security interface. Don't forget to add static NATs for the inside hosts to
the DMZ, otherwise you will not be able to connect even with the access-group
applied to the interface.

-Ed-
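Putting Ed's two points together, here is an added example PIX 6.x configuration (not from either message in this thread; the interface names, addresses and the permitted port are assumptions, and lines beginning with "!" are annotations): an identity static makes the inside host reachable from the DMZ, and the access-list is applied inbound on the lower-security DMZ interface rather than outbound on Inside.

```text
! Constructed example, not from the thread; addresses and port are assumed
nameif ethernet1 inside security100
nameif ethernet2 dmz security8
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 192.168.8.1 255.255.255.0
!
! Static NAT for the inside host the DMZ is allowed to reach.
! Without this the PIX has no translation for dmz->inside and
! drops the connection even though the ACL would permit it.
static (inside,dmz) 10.1.1.10 10.1.1.10 netmask 255.255.255.255
!
! Restrict what the DMZ may send toward Inside; everything not
! explicitly permitted toward 10.1.1.0/24 hits the deny line.
access-list dmz_in remark DMZ web server to inside DB only
access-list dmz_in permit tcp host 192.168.8.20 host 10.1.1.10 eq 1433
access-list dmz_in deny ip any 10.1.1.0 255.255.255.0
! DMZ hosts may still reach lower-security interfaces (e.g. outside)
access-list dmz_in permit ip any any
!
! Apply it inbound on the lower-security interface, as Ed describes
access-group dmz_in in interface dmz
```

Verify the result with `show access-list dmz_in` (hit counts per line) and `show xlate` after a test connection from the DMZ host; a missing static shows up as the connection failing with no ACL hits.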

-----Original Message-----
From: Kevin.Keay@kellogg.com [mailto:Kevin.Keay@kellogg.com]
Sent: Wednesday, March 24, 2004 10:52 AM
To: ccielab@groupstudy.com
Subject: Pix ACL

All,

I haven't worked with PIXes very much and have just been handed one that
needs to be config'd asap.

I have a simple basic question. I would like to allow traffic from a lower
security DMZ to my Inside network, but need to apply an ACL restricting some
traffic. My question is where should I apply the access list? Should it be
applied to inbound traffic on the lower security DMZ interface or as an
outbound access list on the Inside interface? My guess is traffic gets
dropped at the higher security interface, which is where the ACL should be
applied (outbound ACL on Inside in this case).

DMZ security 8 ------------> inbound acl here? -->- PIX --> outbound acl here? ->-------- Inside security 100

Thx in advance

kevin



This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:46 GMT-3