Need to double-check packet traversal in a pix 6.3(5)
I have webserver on the inside with public IP's.
The acl-inside is limiting access from passing the firewall towards the internet.
Webserver has the static (inside,outside) 18.104.22.168 22.214.171.124 netmask 255.255.255.0
ACL-outside has a permit ip any host 126.96.36.199
Now, to my problem.
I thought you needed to add access for the webserver (188.8.131.52) to respond back?
So acl-inside need the acl rule "permit ip host 184.108.40.206 any"
NOTE, i have a "deny ip any any" at the bottom of my ACL-inside.
need som clarification thanks :)
You do not have to allow the return traffic from the webserver in the inside acl. This is the whole point of a stateful firewall. You do however need to allow any traffic that will be initiated from the webserver through the inside interface.