Implicit rules (PIX)

Hello,

I have a strange problem working with a PIX 525 (ASA 7.2(2)) with 5 interfaces.

2 interfaces have the implicit rules:

1. source: any, dest: any less secure networks, protocol: ip, action: permit.

2. source: any, dest: any, protocol: ip, action: deny.

The other interfaces don't have these "implicit" rules.

In order to allow network traffic from a more secure network to a less secure network, I have to put a rule that allows this and negates the others.

Could anybody help me with this problem?

Thank you in advance!

Alfredo Speranza

1 REPLY
Silver

Re: Implicit rules (PIX)

To allow traffic from a higher security zone to a lower security zone without an ACL on the interface, make sure you do the following.

Create a NAT for the outbound traffic using a static or nat/global pair

ex. nat (inside) 1 192.168.1.0 255.255.255.0

global (outside) 1 interface

ex. static (inside,outside) 1.1.1.1 192.168.1.10

If you have an ACL on the inside interface, you will have to allow the traffic you want to go out in addition to the above.

If you are trying to allow traffic in from a less secure zone to a more secure zone, you must create a static and ACL for the desired comms.

ex. static (inside,outside) 1.1.1.1 192.168.1.10

access-list outside_access_in extended permit tcp any host 1.1.1.1 eq smtp

** Please rate if this helps **

Cheers.

Jay
