Cisco Support Community
New Member

Access Rule (PIX 515E)

I am trying to create an access rule in the DMZ on a PIX 515E to one server in the DMZ (192.168.30.10) from two different IPs:

74.125.45.83

74.125.45.17

From these two IPs I want to permit https & ping traffic only. This is where I'm running into a problem.

[code]
access-list tsb-dmz extended permit icmp host 192.168.30.10 any
access-list tsb-dmz extended permit tcp host 192.168.30.10 any eq www
access-list tsb-dmz extended permit tcp host 192.168.30.10 any object-group DM_INLINE_TCP_1
access-list tsb-dmz extended permit tcp host 192.168.30.10 host 192.168.2.19 object-group SQL1433
access-list tsb-dmz extended permit tcp object-group DM_INLINE_NETWORK_2 host 64.4.33.7 eq https
access-list tsb-dmz extended permit ip any any inactive
access-list tsb-dmz extended permit object-group DM_INLINE_SERVICE_1 host 192.168.30.10 host 192.168.2.19
access-list tsb-dmz extended permit icmp any host 64.4.33.7
[/code]

The traffic is not coming through. What do I need to do?

2 REPLIES
Cisco Employee

Re: Access Rule (PIX 515E)

What are the global IP addresses for the server?

Are the users going to be coming from the outside?

Then you need to manipulate the outside ACL and maybe change the translation if the server is not translated.

You will need something like:

[code]
access-l outside-acl permit tcp h 74.125.45.83 h eq 443
access-l outside-acl permit tcp h 74.125.45.17 h eq 443
access-l outside-acl permit icmp h 74.125.45.83 h
access-l outside-acl permit icmp h 74.125.45.17 h
static (dmz,outside) 192.168.30.10
[/code]

I hope it helps.

PK
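A fuller version of the pattern PK sketches, written here as an added example and not text from the thread. The server's outside (global) address is not given anywhere in the thread, so `<SERVER_GLOBAL_IP>` is a placeholder; the interface name `dmz`, the ACL name `outside-acl` and PIX 7.x syntax (matching the `extended` keyword in the poster's own ACL) are assumptions.

```cisco
! Added example, not configuration from the thread. Assumes PIX 7.x syntax and
! interface names outside/dmz; <SERVER_GLOBAL_IP> is a placeholder for the
! server's public address, which the thread does not give.

! 1. Static translation so the DMZ host is reachable from outside at one fixed
!    global address. On pre-8.3 code the outside ACL must match this global
!    address, not the private 192.168.30.10.
static (dmz,outside) <SERVER_GLOBAL_IP> 192.168.30.10 netmask 255.255.255.255

! 2. Inbound rules on the outside interface: only the two source hosts, only
!    HTTPS and ICMP echo requests. Anything else hits the implicit deny.
access-list outside-acl extended permit tcp host 74.125.45.83 host <SERVER_GLOBAL_IP> eq https
access-list outside-acl extended permit tcp host 74.125.45.17 host <SERVER_GLOBAL_IP> eq https
access-list outside-acl extended permit icmp host 74.125.45.83 host <SERVER_GLOBAL_IP> echo
access-list outside-acl extended permit icmp host 74.125.45.17 host <SERVER_GLOBAL_IP> echo

! 3. Bind the ACL inbound on the outside interface; an ACL that is defined
!    but never applied with access-group filters nothing.
access-group outside-acl in interface outside

! 4. Checks after a test from one of the two hosts:
!    show xlate | include 192.168.30.10   -> the static translation exists
!    show access-list outside-acl         -> hitcnt increments on the matching lines
```

Two points worth keeping in mind with this layout. The poster's `tsb-dmz` ACL only matters for traffic that enters the firewall on the DMZ interface (assuming it is applied there); its first line already permits ICMP from the server to any destination, so echo replies go back out, and the HTTPS replies are return traffic of an established connection, which the connection table handles without a DMZ ACL entry. Restricting the `echo` type rather than all of `icmp` in the outside ACL keeps the exposure to exactly what the poster asked for: HTTPS and ping from the two listed hosts.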

New Member

Re: Access Rule (PIX 515E)

I'll try this

Thanks
