1. I need to allow internet access for inside users, say on ports 80 and 443. On which interface do I need to apply the ACL, and what should it contain?
2. I need to access an FTP server on the internet from one particular inside system, say system IP 192.168.100.25 and FTP server 216.87.172.x. What will the ACL be, and on which interface do we need to apply it?
3. Let's say I have NATted one inside system to a public IP, and I have to reach this system through RDP (port 3389) from the internet. What is the ACL, and where do we need to apply it?
Based on your original post and the last posting, my ACL would look something like:
access-list inside-out remark Inside-out HTTP
access-list inside-out permit tcp 192.168.100.0 255.255.255.0 any eq 80
access-list inside-out remark Inside-out HTTPS
access-list inside-out permit tcp 192.168.100.0 255.255.255.0 any eq 443
access-list inside-out remark Specific inside host to the external FTP server
access-list inside-out permit tcp host 192.168.100.25 host 216.82.172.x eq 21
access-list inside-out remark Inside DNS
access-list inside-out permit udp any any eq 53
access-list inside-out remark ICMP for troubleshooting IP connectivity
access-list inside-out permit icmp any any
access-list inside-out remark Log all denied access from inside out
access-list inside-out deny ip any any log
access-group inside-out in interface inside
I would re-write my original outside ACL to:
access-list outside-in extended permit icmp any any echo-reply
access-list outside-in extended permit icmp any any unreachable
access-list outside-in extended permit icmp any any traceroute
access-list outside-in extended permit icmp any any time-exceeded
access-list outside-in permit tcp any host <> eq 3389
access-group outside-in in interface outside
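As an added worked example (my own configuration, not the original poster's or the answerer's), here are the three requirements from the question written out as a complete ASA 8.3+ configuration, with the NAT statements the answer leaves implicit. Assumptions: the object names (inside-lan, rdp-host, ftp-client, ftp-server) are hypothetical; 203.0.113.50 (public address of the RDP host), 203.0.113.53 (DNS resolver) and 198.51.100.10 (the one admin address allowed to RDP in) are documentation-range placeholders; 216.87.172.x keeps the poster's own placeholder last octet; the RDP host's inside address 192.168.100.50 is invented. On 8.3 and later the outside-in ACL matches the real (pre-NAT) inside address, which is why the RDP rule references the object rather than the public IP; on pre-8.3 code the rule would instead name the mapped public address and NAT would be written with static (inside,outside) and nat/global commands.

```cisco
! --- Objects and NAT (ASA 8.3+ object NAT) ---
object network inside-lan
 subnet 192.168.100.0 255.255.255.0
 nat (inside,outside) dynamic interface
! PAT: general inside users share the outside interface address

object network rdp-host
 host 192.168.100.50
 nat (inside,outside) static 203.0.113.50
! One-to-one static NAT for the server that must be reachable over RDP

object network ftp-client
 host 192.168.100.25

object network ftp-server
 host 216.87.172.x
! Poster's placeholder; replace x with the real last octet

! --- Inside-out ACL: applied inbound on the inside interface ---
access-list inside-out remark Web browsing for the whole inside LAN
access-list inside-out extended permit tcp object inside-lan any eq www
access-list inside-out extended permit tcp object inside-lan any eq https
access-list inside-out remark DNS only to the configured resolver (placeholder address)
access-list inside-out extended permit udp object inside-lan host 203.0.113.53 eq domain
access-list inside-out remark One workstation to the external FTP server (control channel only)
access-list inside-out extended permit tcp object ftp-client object ftp-server eq ftp
access-list inside-out remark Everything else leaving the LAN is dropped and logged
access-list inside-out extended deny ip any any log
access-group inside-out in interface inside

! --- Outside-in ACL: applied inbound on the outside interface ---
! On 8.3+ the destination is the REAL inside address, so the object is used here
access-list outside-in remark RDP to the mapped host, only from the admin's fixed address (placeholder)
access-list outside-in extended permit tcp host 198.51.100.10 object rdp-host eq 3389
access-list outside-in remark ICMP replies needed for ping and traceroute started from inside
access-list outside-in extended permit icmp any any echo-reply
access-list outside-in extended permit icmp any any time-exceeded
access-list outside-in extended permit icmp any any unreachable
access-list outside-in remark Explicit deny so every rejected inbound connection is logged
access-list outside-in extended deny ip any any log
access-group outside-in in interface outside

! --- FTP inspection: opens the data connection dynamically ---
! Without it, passive/active FTP data ports would need a much wider permit
policy-map global_policy
 class inspection_default
  inspect ftp
```

Two points of design worth noting. First, the inside-out list here allows DNS only to a known resolver rather than `udp any any eq 53`, so a host that tries to talk DNS to an arbitrary outside address (a common data-exfiltration and tunnelling path) hits the logged deny instead. Second, the RDP rule is restricted to a single source address; if the administrator's address is not fixed, a VPN to the ASA is the usual alternative to exposing 3389 to `any`. Verify the result with `show access-list inside-out` and `show access-list outside-in`, which display per-line hit counts, and with `packet-tracer input outside tcp 198.51.100.10 12345 203.0.113.50 3389`, which walks the NAT and ACL phases and shows exactly which line allowed or dropped the flow.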