Access lists for ASA

Unanswered Question
Feb 29th, 2008

Hi all, what is the normal way of denying traffic to a DMZ? If from the inside all is allowed, would I just create an access list on the DMZ outbound?

rajbhatt Fri, 02/29/2008 - 03:37

Hi,

Try this

If your DMZ interface is 17.2.3.3 255.255.255.0

access-list 12 deny tcp any 17.2.3.0 255.255.255.0

access-list 12 permit tcp any any

access-group 12 in interface inside

Or you can also do outbound for the DMZ as well, but this is easier

Raj

onlyabhishek007 Fri, 03/07/2008 - 00:40

If your DMZ network is 172.16.x.x

and the internal network is 192.168.x.x

then create

access-list 101 extended deny tcp 192.168.x.x 255.255.x.x 172.16.x.x 255.255.x.x eq ftp

for blocking FTP from inside to DMZ

apply on

access-group 101 in interface inside
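
The following is an added example, not part of either reply and not Cisco code: a small first-match evaluator for access-list lines of the form used in this thread, showing what each list does to traffic that no entry matches (an ASA access list ends with an implicit deny). The 192.168.0.0/16 and 172.16.0.0/16 networks, the sample hosts, and the names `parse_ace` and `evaluate` are assumptions made for the example.

```python
import ipaddress

PORTS = {"ftp": 21, "www": 80, "https": 443}  # small subset of port keywords

def _net(tok):
    """Consume 'any' | 'host A' | 'A MASK' from the front of a token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # Strict parsing: an address with host bits set for its mask is rejected.
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_ace(line):
    """Parse 'access-list ID [extended] permit|deny PROTO SRC DST [eq PORT]'."""
    tok = line.split()[2:]
    if tok[0] == "extended":
        tok = tok[1:]
    action, proto = tok[0], tok[1]
    if action not in ("permit", "deny"):
        raise ValueError(f"missing permit/deny in: {line}")
    src, rest = _net(tok[2:])
    dst, rest = _net(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return action, proto, src, dst, port

def evaluate(acl_lines, proto, src, dst, dport=None):
    """First matching entry wins; no match means the implicit deny applies."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in map(parse_ace, acl_lines):
        if a_proto not in ("ip", proto):  # 'ip' matches every protocol
            continue
        if src in a_src and dst in a_dst and a_port in (None, dport):
            return action
    return "implicit deny"

# Constructed sample lists modelled on the two replies (assumed networks).
FIRST = ["access-list 12 deny tcp any 17.2.3.0 255.255.255.0",
         "access-list 12 permit tcp any any"]
SECOND = ["access-list 101 extended deny tcp 192.168.0.0 255.255.0.0 "
          "172.16.0.0 255.255.0.0 eq ftp"]
SECOND_WITH_PERMIT = SECOND + ["access-list 101 extended permit ip any any"]

if __name__ == "__main__":
    print(evaluate(FIRST, "udp", "192.168.1.5", "198.51.100.7", 53))
    print(evaluate(SECOND, "tcp", "192.168.1.5", "172.16.1.10", 80))
    print(evaluate(SECOND_WITH_PERMIT, "tcp", "192.168.1.5", "172.16.1.10", 80))
```
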
