Need to double-check packet traversal in a pix 6.3(5)
I have webserver on the inside with public IP's.
The acl-inside is limiting access from passing the firewall towards the internet.
Webserver has the static (inside,outside) 22.214.171.124 126.96.36.199 netmask 255.255.255.0
ACL-outside has a permit ip any host 188.8.131.52
Now, to my problem.
I thought you needed to add access for the webserver (184.108.40.206) to respond back?
So acl-inside need the acl rule "permit ip host 220.127.116.11 any"
NOTE, i have a "deny ip any any" at the bottom of my ACL-inside.
need som clarification thanks :)
You do not have to allow the return traffic from the webserver in the inside acl. This is the whole point of a stateful firewall. You do however need to allow any traffic that will be initiated from the webserver through the inside interface.