02-29-2008 02:15 AM - edited 03-11-2019 05:10 AM
Hi all, what is the normal way of denying traffic to a DMZ if from the inside all is allowed? Would I just create an access list on the DMZ outbound?
02-29-2008 03:37 AM
Hi,
Try this:
If your DMZ interface is 17.2.3.3 255.255.255.0
access-list 12 deny tcp any 17.2.3.0 255.255.255.0
access-list 12 permit tcp any any
access-group 12 in interface inside
Or you can also apply it outbound on the DMZ as well, but this is easier.
Raj
03-07-2008 12:40 AM
If your DMZ network is 172.16.x.x
and the internal network is 192.168.x.x
then create
access-list 101 extended deny tcp 192.168.x.x 255.255.x.x 172.16.x.x 255.255.x.x eq ftp
for blocking FTP from inside to DMZ.
Apply on
access-group 101 in interface inside
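As an added example (not from any poster in this thread): a small Python model of first-match ACL evaluation with the implicit deny at the end of every list, run over ACLs shaped like the ones posted above. The host addresses and the /16 stand-ins for the x.x networks are constructed, and the parser handles only the syntax subset used here.

```python
import ipaddress

PORTS = {"ftp": 21}  # only the service name used in this thread

def _net(tok):
    """Consume 'any', 'host A' or 'A MASK'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # Raises ValueError when the address has host bits set for the given mask.
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_ace(line):
    """Parse 'access-list NAME [extended] ACTION PROTO SRC DST [eq PORT]'."""
    tok = line.split()[2:]
    if tok[0] == "extended":
        tok = tok[1:]
    action, proto = tok[0], tok[1]
    src, tok = _net(tok[2:])
    dst, tok = _net(tok)
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, snet, dnet, port in map(parse_ace, acl_lines):
        if p in ("ip", proto) and s in snet and d in dnet and port in (None, dport):
            return action
    return "implicit deny"

# Constructed sample ACLs; hosts: 192.168.1.10 inside, 17.2.3.20 DMZ, 198.51.100.7 outside.
TCP_ONLY = ["access-list 12 deny tcp any 17.2.3.0 255.255.255.0",
            "access-list 12 permit tcp any any"]
ALL_IP = ["access-list 12 deny ip any 17.2.3.0 255.255.255.0",
          "access-list 12 permit ip any any"]
DENY_ONLY = ["access-list 101 extended deny tcp 192.168.0.0 255.255.0.0 "
             "172.16.0.0 255.255.0.0 eq ftp"]

if __name__ == "__main__":
    flows = [("tcp", "17.2.3.20", 80), ("udp", "17.2.3.20", 53),
             ("udp", "198.51.100.7", 53), ("tcp", "198.51.100.7", 443)]
    for name, acl in (("TCP_ONLY", TCP_ONLY), ("ALL_IP", ALL_IP), ("DENY_ONLY", DENY_ONLY)):
        for proto, dst, port in flows:
            print(name, proto, dst, port, "->", evaluate(acl, proto, "192.168.1.10", dst, port))
```

Once an ACL is bound to the inside interface, anything no entry permits falls to the implicit deny, so a TCP-only permit also stops UDP and ICMP leaving the inside, and a list holding only a deny entry stops everything.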