rajbhatt Fri, 02/29/2008 - 03:37

Hi,

Try this

If your DMZ interface is 17.2.3.3 255.255.255.0

access-list 12 deny tcp any 17.2.3.3 255.255.255.0

access-list 12 permit tcp any any

access-group 12 in interface inside


Or you can also apply it outbound on the DMZ as well, but this is easier.


Raj
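
As an added example (not part of the posts in this thread), the following Python sketch evaluates ACL 12 as posted above against a few constructed packets, assuming first-match evaluation with an implicit deny at the end of the list. The inside host 10.1.1.10 and the destination 198.51.100.7 are assumptions; ports are not modelled because ACL 12 does not use them.

```python
import ipaddress

# ACL 12 exactly as posted above; address + netmask pairs.
ACL_12 = """\
access-list 12 deny tcp any 17.2.3.3 255.255.255.0
access-list 12 permit tcp any any
"""

def parse_addr(tokens):
    """Consume 'any' or '<address> <netmask>' from the token list."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    # strict=False masks off host bits, so 17.2.3.3/24 becomes 17.2.3.0/24
    net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return net, tokens[2:]

def parse_acl(text):
    """Parse 'access-list <id> [extended] <action> <proto> <src> <dst>' lines."""
    rules = []
    for line in text.splitlines():
        tokens = [t for t in line.split() if t != "extended"]
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, rest = parse_addr(rest)
        dst, rest = parse_addr(rest)
        rules.append((action, proto, src, dst))
    return rules

def evaluate(rules, proto, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, r_proto, r_src, r_dst) in enumerate(rules, 1):
        if r_proto in (proto, "ip") and src in r_src and dst in r_dst:
            return action, f"line {number}"
    return "deny", "implicit deny"

if __name__ == "__main__":
    rules = parse_acl(ACL_12)
    # Constructed packets; 10.1.1.10 is an assumed inside host.
    for pkt in [("tcp", "10.1.1.10", "17.2.3.25"),
                ("tcp", "10.1.1.10", "198.51.100.7"),
                ("udp", "10.1.1.10", "198.51.100.7")]:
        print(pkt, "->", evaluate(rules, *pkt))
```

Because the list only contains TCP entries, the UDP packet in the sample matches nothing and is dropped by the implicit deny.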

onlyabhishek007 Fri, 03/07/2008 - 00:40

If your DMZ network is 172.16.x.x

and the internal network is 192.168.x.x


then create


access-list 101 extended deny tcp 192.168.x.x 255.255.x.x 172.16.x.x 255.255.x.x eq ftp


for blocking FTP from inside to DMZ


apply on


access-group 101 in interface inside
