02-29-2008 02:15 AM - edited 03-11-2019 05:10 AM
Hi all, what is the normal way of denying traffic to a DMZ? If all is allowed from the inside, would I just create an access list on the DMZ outbound?
02-29-2008 03:37 AM
Hi,
Try this
If your DMZ interface is 17.2.3.3 255.255.255.0
access-list 12 deny tcp any 17.2.3.0 255.255.255.0
access-list 12 permit tcp any any
access-group 12 in interface inside
Or you can also do it outbound on the DMZ as well, but this is easier.
Raj
03-07-2008 12:40 AM
If your DMZ network is 172.16.x.x
and the internal network is 192.168.x.x
then create
access-list 101 extended deny tcp 192.168.x.x 255.255.x.x 172.16.x.x 255.255.x.x eq ftp
for blocking FTP from inside to DMZ
apply on
access-group 101 in interface inside
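An added example, not part of any reply in this thread: a small Python model of first-match ACL evaluation with the implicit deny at the end of the list, run over the two ACL shapes posted above and over a deny followed by `permit ip any any`. The address ranges, flow names and function names are assumptions chosen for illustration.

```python
import ipaddress

ANY = "0.0.0.0/0"
INSIDE, DMZ = "192.168.0.0/16", "172.16.0.0/16"  # assumed sample ranges

# Each entry: (action, protocol, source net, destination net, dest port or None)
# Shape of the first reply: deny TCP to the DMZ, then permit TCP only.
TCP_ONLY = [("deny", "tcp", ANY, DMZ, None), ("permit", "tcp", ANY, ANY, None)]
# Shape of the second reply: a single deny for FTP, nothing after it.
DENY_ONLY = [("deny", "tcp", INSIDE, DMZ, 21)]
# Deny everything to the DMZ, then explicitly permit the rest.
DENY_THEN_PERMIT_IP = [("deny", "ip", INSIDE, DMZ, None),
                       ("permit", "ip", ANY, ANY, None)]

# Constructed test flows from one inside host (documentation addresses outside).
FLOWS = {
    "http_to_dmz": ("tcp", "192.168.1.10", "172.16.1.5", 80),
    "ftp_to_dmz": ("tcp", "192.168.1.10", "172.16.1.5", 21),
    "dns_out": ("udp", "192.168.1.10", "198.51.100.7", 53),
    "https_out": ("tcp", "192.168.1.10", "203.0.113.9", 443),
}

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, ace_proto, ace_src, ace_dst, ace_port in acl:
        if ace_proto not in ("ip", proto):
            continue
        if s not in ipaddress.ip_network(ace_src):
            continue
        if d not in ipaddress.ip_network(ace_dst):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action
    return "deny"  # no entry matched: implicit deny at the end of the list

def summarize(acl):
    """Evaluate every constructed flow against one ACL."""
    return {name: evaluate(acl, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("tcp-only permit", TCP_ONLY), ("deny only", DENY_ONLY),
                       ("deny then permit ip", DENY_THEN_PERMIT_IP)):
        print(label, summarize(acl))
```

With the TCP-only permit, the DNS flow falls through to the implicit deny; with the deny-only list, every flow from the inside is dropped, not just FTP to the DMZ.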