rajbhatt Fri, 02/29/2008 - 03:37


Try this

If your DMZ interface is

access-list 12 deny tcp any

access-list 12 permit tcp any any

access-group 12 in interface inside

Or you can also do it outbound for the DMZ as well, but this is easier


onlyabhishek007 Fri, 03/07/2008 - 00:40

If your DMZ network is 172.16.x.x

and the internal network is 192.168.x.x

then create

access-list 101 extended deny tcp 192.168.x.x 255.255.x.x 172.16.x.x 255.255.x.x eq ftp

for blocking FTP from inside to DMZ

apply on

access-group 101 in interface inside
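
Added example, not part of either post above: the same inside-to-DMZ FTP block written out as a complete ASA access list with a trailing permit, plus commands to confirm it behaves as intended. The /16 networks and host addresses are constructed sample values; substitute your own.

```cisco
! Constructed sample networks: inside = 192.168.0.0/16, DMZ = 172.16.0.0/16
access-list 101 remark Block FTP control channel from inside to DMZ
access-list 101 extended deny tcp 192.168.0.0 255.255.0.0 172.16.0.0 255.255.0.0 eq ftp
!
! An access list ends with an implicit deny. Once it is bound to the
! inside interface, anything not explicitly permitted is dropped, so
! the remaining traffic has to be allowed explicitly.
access-list 101 remark Allow all other traffic from inside
access-list 101 extended permit ip any any
!
access-group 101 in interface inside
!
! Verification (constructed host addresses):
! FTP to the DMZ should be dropped by the deny entry
packet-tracer input inside tcp 192.168.1.10 1025 172.16.1.10 ftp
! HTTP to the same DMZ host should still be allowed by the permit entry
packet-tracer input inside tcp 192.168.1.10 1025 172.16.1.10 www
! Hit counts show which entry is matching live traffic
show access-list 101
```

Entries are evaluated top-down and the first match wins, so the deny has to stay above the broad permit.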

