vantageit
 asked on

How do I allow the PIX501 to serve outbound requests from inside to outside hosts?

I'd like to set up a PIX501 so that it
a) allows inbound requests from outside to an inside host on port 3389 (for terminal services)
b) allows outbound requests from inside hosts to any outside hosts on ports 25 & 110 (for email)
c) blocks all other inbound and outbound requests

I've got a handle on a) by using the attached code snippet. And I'm confident of c) by setting an explicit Deny using the PDM (i.e. Deny any any). But I'm not 100% sure on translating the code I used in a) to solve b).

I'd like only 192.168.1.6 on the internal network to be able to use ports 25 & 110 for sending/receiving email and deny all others on the internal network access to the outside world.

static (inside,outside) tcp <public ip> 25 <private ip> 25 netmask 255.255.255.255
access-list outside_access_in permit tcp any host <public ip> eq smtp
access-group outside_access_in in interface outside

Cisco

Last Comment
vantageit

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
batry_boy

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
vantageit

ASKER
haha! thanks for the solution ... works great (as soon as I realized the site where I installed the PIX has a different default gateway than the one I had configured :-) ....
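
A configuration sketch for requirements b) and c) of the question, added here as an example; it is not part of the thread and is not batry_boy's accepted solution. It assumes PIX OS 6.x syntax, the default PIX 501 PAT rules, and an ACL named inside_access_in (a name chosen to mirror the outside_access_in ACL in the question).

```cisco
: Added example, PIX OS 6.x syntax. Lines starting with ":" are comments.
: Assumption: the default PIX 501 PAT rules are present so permitted
: outbound sessions are translated to the outside interface address:
:   nat (inside) 1 0.0.0.0 0.0.0.0 0 0
:   global (outside) 1 interface

: b) Only 192.168.1.6 may open SMTP (tcp/25) and POP3 (tcp/110)
:    sessions to any outside host.
access-list inside_access_in permit tcp host 192.168.1.6 any eq smtp
access-list inside_access_in permit tcp host 192.168.1.6 any eq pop3

: Caveat: with only the two lines above, DNS queries to outside
: resolvers are blocked as well. If 192.168.1.6 reaches its mail
: servers by hostname through an outside DNS server, uncomment:
:   access-list inside_access_in permit udp host 192.168.1.6 any eq domain

: c) Everything else from the inside network is dropped. An ACL ends
:    with an implicit deny; the explicit entry only adds a hit counter.
access-list inside_access_in deny ip any any

: Apply the ACL to traffic entering the inside interface.
: Once an ACL is bound here, the default "inside may go anywhere"
: behaviour no longer applies.
access-group inside_access_in in interface inside

: Replies to permitted sessions return statefully; no extra entry is
: needed in outside_access_in. Check the hit counters with:
:   show access-list inside_access_in
```

A rising hit count on the deny entry after other inside hosts try to reach the outside confirms that c) is being enforced for outbound traffic.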