PIX Block Traffic infor static NAT doesn't work

Posted on 2009-06-30
Medium Priority
Last Modified: 2012-06-21

We have a pix, and in this pix we have the following config on interface "outside"

interface Ethernet0
 nameif outside
 security-level 0
 ip address standby

For routing traffic to the an address on the inside i created the following Static NAT
static (GPN,outside) netmask

All works fine, i can now reach this server on all ports i wish, but i would like to make sure only RDP is allowed to this server, so i created an accesslist

access-list server_acl extended permit tcp any interface outside eq 3389
access-list server_acl extended deny ip any any

And applied this on the outside interface (also tried simmular to the inside interface)
access-group server_acl in interface outside

Now the server is not reachable anymore on any address

Any thoughts on this
Question by:Qore_Networks

Accepted Solution

yashinchalad earned 2000 total points
ID: 24748159

Apply only this part
access-list server_acl extended permit tcp any host eq 3389
access-group server_acl in interface outside

Author Closing Comment

ID: 31598367
I see, i was under the assumption that the interface should be guarded, but only the address was enough


Featured Post

Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question