Help in configuring zone based firewall

l.buschi

Can anybody help me in configuring the following?

I have a router with zone based firewall configured.

I have the following port redirect:

ip nat inside source static tcp 192.168.1.100 80 172.24.10.100 8888 extendable

172.24.10.x is my pool of outside addresses.

I need to reach the server 192.168.1.100:80 from any outside address (by the address 172.24.10.100:8888)

Which class map type inspect do I have to configure?

Thanks

Johnny

3 Replies

You can use a class-map that references an ACL. This ACL allows the traffic to the real IP/Port of the server.

Do you mean the following?

access-list 101 permit tcp any host 192.168.1.100 eq 80

In the policy map do I have to put an inspect or a pass statement?

Thanks

Johnny

Yes, the ACL is ok, although I would use a named ACL.

The action "pass" is for unidirectional flows. If you want your server to be able to send answers back to the client (probably yes ;-) ), then you need to "inspect" that traffic.
