Re: PIX - acl breaks implicit outbound rule
- From: roberson@xxxxxxxxxxxx (Walter Roberson)
- Date: Tue, 22 May 2007 13:57:35 GMT
In article <1179839837.998973.141590@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
<useofweapons@xxxxxxxxx> wrote:
I've been able to get it semi-working by applying the following:
static (Interface1,Interface2) 10.0.5.200 10.0.1.11 netmask 255.255.255.255
access-list Interface2toInterface1 extended permit udp host 10.0.5.2 host 10.0.5.200 eq port-range
access-group Interface2toInterface1 in interface Interface2
However, it replaces the implicit outbound rule for Interface2 and
breaks all other outbound traffic on the interface. My question is,
what can I append to the above access group to put the outbound rule
back in?
Add in a deny to anything else in Interface 1 that might
present a usable IP to Interface 2 (e.g., other statics or
nat 0 access-list), followed by a permit of 10.0.5/24 to any.
I've already put in a static route so host1 can get down to host2,
You probably don't need that: if you have a regular default route
for hosts on Interface 1 to go out via the PIX, then the default
route will take care of getting the packets to the PIX for
redistribution to host2.
.
- References:
- PIX - acl breaks implicit outbound rule
- From: useofweapons
- PIX - acl breaks implicit outbound rule
- Prev by Date: Re: Connection problems from inside LAN
- Next by Date: Re: How to block upd port 137 traffic
- Previous by thread: PIX - acl breaks implicit outbound rule
- Index(es):
Relevant Pages
|
|
