Access lists for ASA

carl_townshend
Spotlight

Hi all, what is the normal way of denying traffic to a DMZ, if from the inside all is allowed? Would I just create an access list on the DMZ outbound?

2 Replies

rajbhatt
Level 3

Hi,

Try this

If your DMZ interface is 17.2.3.3 255.255.255.0

access-list 12 deny tcp any 17.2.3.0 255.255.255.0

access-list 12 permit tcp any any

access-group 12 in interface inside

Or you can also do it outbound on the DMZ as well, but this is easier.

Raj

onlyabhishek007
Level 1

If your DMZ network is 172.16.x.x

and the internal network is 192.168.x.x

then create

access-list 101 extended deny tcp 192.168.x.x 255.255.x.x 172.16.x.x 255.255.x.x eq ftp

for blocking FTP from inside to DMZ

apply on

access-group 101 in interface inside
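
Added example, not part of either reply and not Cisco code: a small Python model of how an ASA evaluates an ACL bound to an interface (first match wins, implicit deny at the end), applied to the two ACL shapes posted above plus a deny-then-permit-ip variant. The subnets 192.168.1.0/24 and 172.16.1.0/24, the sample flows and the third ACL are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
# Constructed subnets standing in for the thread's x.x placeholders (assumptions).
INSIDE = ip_network("192.168.1.0/24")
DMZ = ip_network("172.16.1.0/24")

# Entry: (action, protocol, source net, destination net, destination port or None)
ACL_DENY_ONLY = [("deny", "tcp", INSIDE, DMZ, 21)]  # shape of the second reply
ACL_DENY_THEN_PERMIT_TCP = [("deny", "tcp", ANY, DMZ, None),  # shape of the first reply
                            ("permit", "tcp", ANY, ANY, None)]
ACL_DENY_THEN_PERMIT_IP = [("deny", "ip", INSIDE, DMZ, None),  # added variant
                           ("permit", "ip", ANY, ANY, None)]


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, line); line 0 is the implicit deny that ends every ACL."""
    src, dst = ip_address(src), ip_address(dst)
    for line, (action, a_proto, a_src, a_dst, a_port) in enumerate(acl, start=1):
        if a_proto not in ("ip", proto):
            continue
        if src not in a_src or dst not in a_dst:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action, line  # first matching entry decides
    return "deny", 0


# Constructed flows from one inside host.
FLOWS = {
    "ftp to dmz": ("tcp", "192.168.1.10", "172.16.1.5", 21),
    "https to dmz": ("tcp", "192.168.1.10", "172.16.1.5", 443),
    "https to internet": ("tcp", "192.168.1.10", "203.0.113.7", 443),
    "dns to internet": ("udp", "192.168.1.10", "203.0.113.53", 53),
}


def report(acl):
    """Map each sample flow to the (action, line) the ACL gives it."""
    return {name: evaluate(acl, *flow) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    for label, acl in [("deny only", ACL_DENY_ONLY),
                       ("deny + permit tcp", ACL_DENY_THEN_PERMIT_TCP),
                       ("deny + permit ip", ACL_DENY_THEN_PERMIT_IP)]:
        print(label, report(acl))
```

In the output, line 0 marks traffic dropped by the implicit deny rather than by a configured entry.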