[fw-wiz] PIX - acl breaks implicit outbound rule
- From: "Richard Shaw" <richard@xxxxxxxxxxx>
- Date: Tue, 22 May 2007 14:08:09 +0100
Hi There,
I'm trying to get successful two way communication over a selected port
range between 2 hosts on different interfaces.
Interface 1 (100) ------------ Interface 2 (90)
host1 (10.0.1.11) ------------ host2 (10.0.5.2)
I've already put in a static route so host1 can get down to host2; however, I
need host2 to be able to open a connection back through on selected ports.
I've been able to get it semi-working by applying the following:
static (Interface1,Interface2) 10.0.5.200 10.0.1.11 netmask 255.255.255.255
access-list Interface2toInterface1 extended permit udp host 10.0.5.2 host 10.0.5.200 eq port-range
access-group Interface2toInterface1 in interface Interface2
However, it replaces the implicit outbound rule for Interface2 and breaks
all other outbound traffic on the interface. My question is, what can I
append to the above access group to put the outbound rule back in?
Any thoughts or suggestions would be super useful.
Thanks!
Richard
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
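The behaviour described in the question (attaching an inbound access-group to an interface removes that interface's implicit permit toward lower-security interfaces, and the ACL then ends in an implicit deny) means the outbound permit has to be written back into the ACL explicitly. The following is an added illustration, not the poster's configuration and not an answer from the list. It assumes Interface1 (security 100) is 10.0.1.0/24, Interface2 (security 90) is 10.0.5.0/24, that a lower-security interface (for example an outside interface at security 0) carries the "other outbound traffic" the poster wants to keep, and it uses `<low> <high>` as placeholders for the selected UDP port range:

```cisco
! Added example (not the original poster's configuration or the list's answer).
! Assumptions: Interface1 (security 100) is 10.0.1.0/24, Interface2 (security 90)
! is 10.0.5.0/24, and a lower-security interface carries the remaining outbound
! traffic. <low> and <high> are placeholders for the chosen port range.
!
! The poster's static translation, unchanged: host1 is reachable as 10.0.5.200 from Interface2.
static (Interface1,Interface2) 10.0.5.200 10.0.1.11 netmask 255.255.255.255
!
! 1. The specific exception: host2 may reach host1's mapped address on the chosen ports.
access-list Interface2toInterface1 remark host2 to host1 (mapped address) on the selected UDP ports
access-list Interface2toInterface1 extended permit udp host 10.0.5.2 host 10.0.5.200 range <low> <high>
!
! 2. Deny everything else toward the higher-security Interface1 network, which is what the
!    implicit rule already blocked before the ACL was attached. Order matters: this line
!    must sit above the final permit, because the first matching entry wins.
access-list Interface2toInterface1 remark deny all other traffic toward Interface1
access-list Interface2toInterface1 extended deny ip 10.0.5.0 255.255.255.0 10.0.1.0 255.255.255.0
!
! 3. Put the implicit outbound permit back: Interface2 hosts to any lower-security interface.
access-list Interface2toInterface1 remark restore the implicit outbound permit for Interface2
access-list Interface2toInterface1 extended permit ip 10.0.5.0 255.255.255.0 any
!
access-group Interface2toInterface1 in interface Interface2
```

Without the deny in step 2, the final `permit ip ... any` would also allow Interface2 hosts to reach the whole Interface1 network, which is more than the implicit rule ever permitted. After applying the list, `show access-list Interface2toInterface1` shows a per-entry hit count, so you can confirm that ordinary outbound traffic is now matching the last permit rather than falling through to the implicit deny.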