I have a DMZ configured that should normally only allow traffic to http, mail, etc. However, I would like to allow admin traffic like ssh from certain IPs as well. For example, my DMZs are behind one IP range from one ISP. My LAN is behind another IP range from another ISP. I'd like admin traffic from my LAN ISP range access to the DMZ.
DMZ configuration to allow access to the http servers, etc. is pretty straightforward. However, I can't figure out how to allow that traffic and only allow admin traffic from my LAN ISP IP address range.
Here's the basic DMZ zone configuration:
class-map type inspect match-any ccp-dmz-protocols
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...