07-22-2009 08:20 AM - edited 03-11-2019 08:58 AM
Hi,
I need to allow the following from inside to outside without compromising security, only initiated from inside.
Allow SSH to devices on Internet from LAN
Allow PPTP and Cisco VPN (IPSEC) to connect from inside to outside
Allow port 5130 to outside
Restrict ports 80 and 8080 from inside to outside (browsing)
07-22-2009 08:26 AM
A good place to start for this would be to use nat-control:
"NAT control requires that packets traversing from an inside interface to an outside interface match a NAT rule; for any host on the inside network to access a host on the outside network, you must configure NAT to translate the inside host address."
http://www.cisco.com/en/US/customer/docs/security/asa/asa80/command/reference/no.html#wp1753422
07-22-2009 11:30 AM
Hi,
We have NAT 0 configured and an ACL on outside but still not able to fulfill my requirement. Any document or Cisco link would be helpful.
07-22-2009 01:28 PM
access-list test_acl remark Block plain-HTTP browsing (80/8080) before the permits
access-list test_acl extended deny tcp any any eq 80
access-list test_acl extended deny tcp any any eq 8080
access-list test_acl remark Outbound SSH
access-list test_acl extended permit tcp any any eq ssh
access-list test_acl remark PPTP: TCP 1723 control channel plus GRE tunnel
access-list test_acl extended permit tcp any any eq 1723
access-list test_acl extended permit gre any any
access-list test_acl remark IPsec (Cisco VPN client): ESP, IKE on UDP 500, NAT-T on UDP 4500
access-list test_acl extended permit esp any any
access-list test_acl extended permit udp any any eq 500
access-list test_acl extended permit udp any any eq 4500
access-list test_acl remark Application on TCP 5130; everything else hits the implicit deny
access-list test_acl extended permit tcp any any eq 5130
access-group test_acl in interface inside
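Added example (not part of the thread): a first-match simulation of the ACL above, with PPTP's control channel on TCP 1723, to check what each outbound flow gets. It shows that the two explicit denies are the smaller part of the policy; the implicit deny at the end of every ASA ACL drops anything not listed, including DNS and HTTPS, so the sample flows (constructed here) make clear what this ACL actually allows out.

```python
"""First-match evaluation of an ASA extended ACL (added example).

Parses 'access-list NAME extended permit|deny PROTO any any [eq PORT]' lines,
applies them in configured order and falls through to the implicit deny.
Only 'any any' ACEs are modelled, which is all the posted ACL uses."""

# Service names ASA accepts in place of numbers; only the ones used here.
SERVICE_PORTS = {"ssh": 22, "www": 80, "pptp": 1723, "isakmp": 500}

# The ACL from the answer above, PPTP control on TCP 1723 (its real port).
ACL_TEXT = """
access-list test_acl extended deny tcp any any eq 80
access-list test_acl extended deny tcp any any eq 8080
access-list test_acl extended permit tcp any any eq ssh
access-list test_acl extended permit tcp any any eq 1723
access-list test_acl extended permit gre any any
access-list test_acl extended permit esp any any
access-list test_acl extended permit udp any any eq 500
access-list test_acl extended permit udp any any eq 4500
access-list test_acl extended permit tcp any any eq 5130
"""


def parse_acl(text):
    """Return (action, proto, dst_port_or_None) tuples in configured order."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "access-list" or parts[2] != "extended":
            continue  # remarks and non-ACE lines do not affect matching
        action, proto = parts[3], parts[4]
        port = None
        if "eq" in parts:
            raw = parts[parts.index("eq") + 1]
            # unknown service names raise KeyError rather than matching any port
            port = int(raw) if raw.isdigit() else SERVICE_PORTS[raw]
        entries.append((action, proto, port))
    return entries


def evaluate(entries, proto, dst_port=None):
    """First matching ACE wins; no match means the implicit deny."""
    for action, ace_proto, ace_port in entries:
        if ace_proto != proto:
            continue
        if ace_port is not None and ace_port != dst_port:
            continue
        return action
    return "deny"  # implicit deny at the end of every ASA ACL


ACL = parse_acl(ACL_TEXT)
```

Running evaluate(ACL, "udp", 53) returns "deny": with this ACL in place, inside hosts cannot resolve names on the Internet unless a DNS permit is added.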
07-22-2009 11:13 PM
Many Thanks.
Is it possible to allow traffic from inside to outside with a bandwidth limit?
I need to allow a socket application with a 64K bandwidth limit.
256K allowed limit for PPTP VPN from inside to outside.