Hello. We have 2 Cisco 5520s that we are going to use to replace our PIX 515s. We are running the boxes in routed single-context mode in an active/standby failover. We have four interfaces: outside (security 0), inside (security 100), dmz (security 50), and management (security 100).
So far I have configured dynamic NAT for the inside and management interfaces (we will have some hosts on this subnet). What I want to do next is configure the ACLs, and I'm very confused about how to go about it. We want to permit HTTPS, FTP, POP3, SMTP, and WWW to come into the network from the outside. I do have some static NATs configured for each of these protocols. I will be translating them to be on an IP address inside the DMZ, of course.
Am I correct in assuming I need to apply inbound access lists on the outside interface permitting https, www, ftp, pop3, smtp, and www? If so, what do I configure next to allow this protocol-specific traffic to enter the dmz interface and talk to the servers?
Also, for hosts on the inside and management interfaces, since their security is at 100, they should be able to access the outside to get to the internet by default, correct? Or do I need to specifically allow that as well with an ACL?
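An added example (not from the original post) of how the pieces the question asks about fit together on a single-context ASA running pre-8.3 software, where an ACL references the translated (public) address; the addresses, the ACL name and the server-to-service mapping are assumptions, and on 8.3 or later the ACL lines would name the real DMZ addresses instead.

```cisco
! Constructed addresses: 203.0.113.0/24 is the outside block, 10.0.50.0/24 is the DMZ
! Outbound PAT for the two security-100 interfaces
nat (inside) 1 0.0.0.0 0.0.0.0
nat (management) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
! Static NATs: one public address per published DMZ server (assumed hosts)
static (dmz,outside) 203.0.113.10 10.0.50.10 netmask 255.255.255.255
static (dmz,outside) 203.0.113.11 10.0.50.11 netmask 255.255.255.255
! A single ACL applied inbound on outside, permitting only the published
! services to the translated addresses; everything else arriving from outside
! is dropped by the implicit deny at the end of the list
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-list outside_in extended permit tcp any host 203.0.113.10 eq https
access-list outside_in extended permit tcp any host 203.0.113.11 eq ftp
access-list outside_in extended permit tcp any host 203.0.113.11 eq smtp
access-list outside_in extended permit tcp any host 203.0.113.11 eq pop3
access-group outside_in in interface outside
! No further ACL is needed on dmz for these flows: the static translation plus
! the outside ACL is what lets the traffic reach the servers. FTP data
! connections are handled by the ftp inspection in the default global policy.
! Inside and management (security 100) reach outside (security 0) without an
! ACL as long as no access-group is applied inbound on those interfaces.
! Traffic between inside and management (both security 100) needs this extra line:
same-security-traffic permit inter-interface
```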