Here is my dilemma: I need to give some inside host (a host in the inside subnet) RPC access to a server in another DMZ. Let's call it DMZ 16. DMZ 16 has a security level of 90 and my inside has a security level of 100. Therefore, my inside host should be able to access my DMZ16 unless there is an explicit deny, right? For the DMZ16 host to reach my inside, I need to permit the incoming traffic (ACL). Packet tracer in the FW shows that traffic from inside is permitted into DMZ16 as expected. Now, traffic from DMZ16 is still denied on the inside interface even though I added an ACL:
access-list Inside_access_in line 48 remark DMZ3 RPC Access to SERVER VLAN
access-list Inside_access_in line 49 extended permit udp 184.108.40.206 255.255.255.0 10.11.xx.0 255.255.xx.0 range 135 139
access-list Inside_access_in line 52 remark IT VLAN RPC Access to DMZ3
access-list Inside_access_in line 53 extended permit udp 220.127.116.11 255.255.255.0 10.zz.xx.0 255.255.255.0 range 135 139
I enabled inspect dcerpc as you advised, but that did not change anything. One thing I did find out is that in my ACL I enabled the port range 135-139, but when I check the default inspection table, ports 137-138 are NetBIOS and RPC is 111. I haven't done anything in the port settings yet; do you think that might be the issue?
As mentioned in the previous post, my ACLs are correct. I even added an ACL on DMZ16, which I totally don't need as this DMZ has a lower security level, to permit IP for the internal network.
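The ACL direction at issue in the thread above, as an added example that is not part of the original post or the poster's configuration. On an ASA, an access-group applied "in" on an interface only filters packets that enter the firewall on that interface, so DMZ16-to-inside traffic is decided by the ACL bound to the DMZ16 interface; a permit in Inside_access_in only affects packets arriving on inside. The example also shows the two facts from the inspection table that matter here: the MS-RPC endpoint mapper listens on TCP 135 (not UDP), and the dynamic ports it hands out are pinholed by inspect dcerpc rather than by a static port range. Interface names (inside, dmz16), ACL and object-group names, and the addresses 10.11.0.0/24 (server VLAN) and 10.16.0.0/24 (DMZ16) are assumptions for illustration.

```cisco
! Added example, not the poster's configuration. Names and addresses are assumed.
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.11.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif dmz16
 security-level 90
 ip address 10.16.0.1 255.255.255.0
!
object-group network DMZ16_RPC_CLIENTS
 network-object 10.16.0.0 255.255.255.0
object-group network INSIDE_RPC_SERVERS
 network-object 10.11.0.0 255.255.255.0
!
! Packets from dmz16 to inside ENTER the firewall on dmz16, so the permit has to
! live in the ACL bound "in" on dmz16. Inside_access_in never sees them.
access-list DMZ16_access_in remark DMZ16 RPC access to server VLAN
! Endpoint mapper is TCP 135. The dynamic high ports negotiated through it are
! opened by inspect dcerpc below, so no broad range 135-139 is needed.
access-list DMZ16_access_in extended permit tcp object-group DMZ16_RPC_CLIENTS object-group INSIDE_RPC_SERVERS eq 135
! NetBIOS/SMB only if the application really needs them (137/138 UDP, 139/445 TCP).
access-list DMZ16_access_in extended permit udp object-group DMZ16_RPC_CLIENTS object-group INSIDE_RPC_SERVERS range 137 138
access-list DMZ16_access_in extended permit tcp object-group DMZ16_RPC_CLIENTS object-group INSIDE_RPC_SERVERS eq 139
access-list DMZ16_access_in extended permit tcp object-group DMZ16_RPC_CLIENTS object-group INSIDE_RPC_SERVERS eq 445
! Caveat: once an ACL is bound to dmz16, the implicit "permit to lower security
! level" goes away. Anything dmz16 legitimately needs toward other interfaces
! must be permitted here too, before the final logged deny.
access-list DMZ16_access_in extended deny ip any any log
access-group DMZ16_access_in in interface dmz16
!
! dcerpc inspection in the global policy; the default inspection class already
! matches the endpoint mapper on TCP 135, which is where the pinholes are learned.
policy-map global_policy
 class inspection_default
  inspect dcerpc
!
service-policy global_policy global
!
! Verification: simulate the dmz16 -> inside endpoint-mapper SYN. The ACL phase
! should show DMZ16_access_in (not Inside_access_in) and the result ALLOW.
packet-tracer input dmz16 tcp 10.16.0.5 40000 10.11.0.10 135 detailed
```

If the packet-tracer output still shows a drop in the ACL phase after this, the next thing to check is a NAT rule that rewrites the DMZ16 source or the inside destination before the ACL lookup, since the access-list is evaluated against the real (untranslated) addresses on ASA 8.3 and later.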
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: