Implicit rules (PIX)

Hello,

I've a strange problem working with a PIX 525 ASA7.2(2) with 5 interfaces.

Two interfaces have these implicit rules:

1. source: any, dest: any less secure networks, protocol: ip, action: permit.

2. source: any, dest: any, protocol: ip, action: deny.

The other interfaces don't have these "implicit" rules.

In order to allow network traffic from a more secure network to an insecure network I have to put a rule that allows this and negate the others.

Could anybody help me with this problem?

Thank you in advance!

Alfredo Speranza

1 Reply

jwalker
Level 3

To allow traffic from a higher security zone to a lower security zone without an ACL on the interface, make sure you do the following.

Create a NAT for the outbound traffic using a static or nat/global pair

ex. nat (inside) 1 192.168.1.0 255.255.255.0

global (outside) 1 interface

ex. static (inside,outside) 1.1.1.1 192.168.1.10

If you have an ACL on the inside interface, you will have to allow the traffic you want to go out in addition to the above.

If you are trying to allow traffic in from a less secure zone to a more secure zone, you must create a static and ACL for the desired comms.

ex. static (inside,outside) 1.1.1.1 192.168.1.10

access-list outside_access_in extended permit tcp any host 1.1.1.1 eq smtp

** Please rate if this helps **

Cheers.

Jay
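To show how the pieces named in the reply fit together on a PIX 7.x, here is an assembled configuration added as an example; it is not from the original post or from Cisco documentation. Interface names, security levels and addresses are assumed, and the access-group lines that bind each ACL to its interface are included because the reply lists the ACL but not its binding.

```text
! Interfaces and security levels (PIX/ASA 7.x syntax; addresses are assumed)
interface Ethernet0
 nameif outside
 security-level 0
 ip address 1.1.1.2 255.255.255.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! 1. Outbound (inside -> outside) with no ACL applied to "inside":
!    the implicit "permit any to any less secure networks" rule applies,
!    but a translation is still required; the nat/global pair supplies it.
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
!
! 2. Inbound (outside -> inside) to an assumed mail server 192.168.1.10:
!    a static translation plus an ACL that permits only SMTP to the
!    translated address, bound to the outside interface with access-group.
static (inside,outside) 1.1.1.1 192.168.1.10 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 1.1.1.1 eq smtp
access-group outside_access_in in interface outside
!
! 3. Once an ACL is applied to "inside", the implicit permit no longer
!    governs that interface: outbound traffic must be permitted explicitly
!    (here only HTTP/HTTPS from the inside subnet), everything else is denied.
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq https
access-group inside_access_in in interface inside
!
! Verification: "show access-list" lists each ACL with per-line hit counts,
! "show xlate" shows the active static and PAT translations.
```

Step 3 is what the reply's "if you have an ACL on the inside interface" sentence refers to: an interface with an access-group applied uses only that ACL, so the two implicit rules seen on ACL-less interfaces do not appear there.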
