I've been trying to apply the 105 access-list to the serial interface inbound to protect these internal networks from the big, bad Internet but I need to allow for a web server and an email server at the static nat address that's been specified. When I apply the access-list, however, I am unable to browse to the web server from the outside, and mail doesn't go through. Internet traffic (browsing) from inside the network seems fine, however.
Any thoughts or advice would be greatly appreciated.
access-list 105 deny ip host 0.0.0.0 any log
access-list 105 deny ip any 255.255.255.128 0.0.0.127 log
access-list 105 deny ip 0.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255 log
access-list 105 deny ip 10.0.0.0 0.255.255.255 any log
access-list 105 deny ip 127.0.0.0 0.255.255.255 any log
access-list 105 deny ip 172.16.0.0 0.15.255.255 any log
access-list 105 deny ip 192.168.0.0 0.0.255.255 any log
access-list 105 deny ip 184.108.40.206 0.0.0.255 255.255.255.0 0.0.0.255 log
access-list 105 deny ip 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 log
access-list 105 deny ip 10.1.0.0 0.0.255.255 any log
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...