08-27-2008 07:49 AM - edited 03-11-2019 06:36 AM
Hello
Need to double-check packet traversal in a PIX 6.3(5).
I have a webserver on the inside with public IPs.
The acl-inside is limiting access from passing the firewall towards the internet.
Webserver has the static (inside,outside) 1.1.1.1 1.1.1.1 netmask 255.255.255.0
ACL-outside has a permit ip any host 1.1.1.1
Now, to my problem.
I thought you needed to add access for the webserver (1.1.1.1) to respond back?
So acl-inside needs the ACL rule "permit ip host 1.1.1.1 any"
NOTE, I have a "deny ip any any" at the bottom of my ACL-inside.
Need some clarification, thanks :)
08-27-2008 08:08 AM
You do not have to allow the return traffic from the webserver in the inside acl. This is the whole point of a stateful firewall. You do however need to allow any traffic that will be initiated from the webserver through the inside interface.
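A simplified model of the behaviour described in the answer above, as an added example that is not part of the original thread and is not PIX code: the ACL on the ingress interface is consulted only for the first packet of a new flow, while replies are matched against the connection table. All addresses other than 1.1.1.1, the port numbers, and the DNS permit entry in the inside ACL are constructed for illustration.

```python
# Simplified model of stateful filtering (illustration only, not PIX internals).
# ACL entries are (action, src, dst); "any" matches every address; first match wins.
ACLS = {
    "outside": [("permit", "any", "1.1.1.1")],          # from the post
    "inside": [("permit", "1.1.1.1", "192.0.2.53"),     # hypothetical: server-initiated DNS
               ("deny", "any", "any")],                 # from the post
}


def acl_permits(acl, src, dst):
    """Return True if the first matching entry is a permit (implicit deny otherwise)."""
    for action, a_src, a_dst in acl:
        if a_src in ("any", src) and a_dst in ("any", dst):
            return action == "permit"
    return False


class StatefulFirewall:
    def __init__(self, acls):
        self.acls = acls
        self.conns = set()  # connection table of (src, sport, dst, dport)

    def handle(self, iface, src, sport, dst, dport):
        """Decide the fate of a packet arriving on interface `iface`."""
        flow = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        # Packet belongs to a tracked flow (either direction):
        # the interface ACL is never consulted.
        if flow in self.conns or reverse in self.conns:
            return "allow (existing connection)"
        # First packet of a new flow: the ingress interface ACL decides.
        if acl_permits(self.acls[iface], src, dst):
            self.conns.add(flow)
            return "allow (new connection)"
        return "drop (ACL)"


if __name__ == "__main__":
    fw = StatefulFirewall(ACLS)
    # Client request from outside, then the webserver's reply leaving via inside.
    print(fw.handle("outside", "203.0.113.7", 40000, "1.1.1.1", 80))
    print(fw.handle("inside", "1.1.1.1", 80, "203.0.113.7", 40000))
    # Traffic the webserver initiates itself needs its own inside ACL entry.
    print(fw.handle("inside", "1.1.1.1", 50000, "198.51.100.9", 25))
    print(fw.handle("inside", "1.1.1.1", 50001, "192.0.2.53", 53))
```

The reply from 1.1.1.1 passes even though the inside ACL ends in "deny ip any any", while the server-initiated flow to 198.51.100.9 is dropped because no inside entry permits it.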
08-27-2008 10:26 AM
Thank you Adam
Must be going Alzheimer's already :)