Solved

PIX Block Traffic infor static NAT doesn't work

Posted on 2009-06-30
2
440 Views
Last Modified: 2012-06-21
Hello

We have a pix, and in this pix we have the following config on interface "outside"

interface Ethernet0
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.240 standby 1.1.1.2

For routing traffic to the an address on the inside i created the following Static NAT
static (GPN,outside) 1.1.1.5 192.168.1.1 netmask 255.255.255.255

All works fine, i can now reach this server on all ports i wish, but i would like to make sure only RDP is allowed to this server, so i created an accesslist

access-list server_acl extended permit tcp any interface outside eq 3389
access-list server_acl extended deny ip any any

And applied this on the outside interface (also tried simmular to the inside interface)
access-group server_acl in interface outside

Now the server is not reachable anymore on any address

Any thoughts on this
0
Comment
Question by:Qore_Networks
2 Comments
 
LVL 5

Accepted Solution

by:
yashinchalad earned 500 total points
ID: 24748159

Apply only this part
access-list server_acl extended permit tcp any host 1.1.1.5 eq 3389
access-group server_acl in interface outside
 
0
 

Author Closing Comment

by:Qore_Networks
ID: 31598367
I see, i was under the assumption that the interface should be guarded, but only the address was enough

Thanx
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PEAP authentication 7 45
Help with an ACL to isolate our wireless newtork 9 26
Palo Alto Networks: View Tunnel packet counts? 2 27
Use of vpn-filter value  in S2S VPN 2 31
When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question