New Member

Outside ACL

Greetings,

I'm attempting to allow a specific outside address SSL access to any host on our inside network. I have ACLs

access-list outside_acl permit tcp <outsidehostIP> <insidehostIP> eq <port>

For most entries, but how do I construct an ACL to allow the single outside host access to any inside host on eq 443? When I designate the access inside to "any" or 0.0.0.0 0.0.0.0, it won't accept the ACL.

I guess I'm missing something.

Thanks.

3 REPLIES
New Member

Re: Outside ACL

One outside address allowed access to an inside server via SSL.

Outside address being granted access: 12.12.12.12

Inside PUBLIC address of server hosting SSL: 11.11.11.11

Inside PRIVATE address of server hosting SSL: 10.10.10.1

static (inside,outside) 11.11.11.11 10.10.10.1

access-list outside-coming-in permit tcp host 12.12.12.12 host 11.11.11.11 eq 443

access-group outside-coming-in in interface outside

You need to have a static mapping for the inside server that will be accessed. If the server is in the DMZ:

static (dmz,outside) 11.11.11.11 10.10.10.1

access-list outside-coming-in permit tcp host 12.12.12.12 host 11.11.11.11 eq 443

access-group outside-coming-in in interface dmz

New Member

Re: Outside ACL

Thanks. I gather from your reply that a one-to-many relationship is not possible. I have many ACLs as you've described for access to single inside hosts.

New Member

Re: Outside ACL

One to many? I'm not sure what you mean by that... you can grant multiple addresses access to one server:

access-list inbound permit tcp any host 12.12.12.12 eq 443

or

access-list inbound permit tcp 128.0.0.0 255.0.0.0 host 12.12.12.12 eq 443

or

access-list inbound permit tcp any any eq 443

or

access-list inbound permit tcp host 204.11.2.1 any eq 443
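Added example, not part of the thread and not Cisco code: a small Python checker for the address forms used in the ACL lines above (`host <ip>`, `any`, or `<ip> <netmask>`), showing the scope each rule grants and why a bare IP with no `host` keyword or mask does not parse. The grammar is a simplified assumption covering only `access-list NAME permit|deny PROTO SRC DST [eq PORT]`; the function names are hypothetical.

```python
import ipaddress

def parse_addr(tokens):
    """Consume one address spec; return (CIDR string, remaining tokens)."""
    if not tokens:
        raise ValueError("missing address")
    if tokens[0] == "any":
        return "0.0.0.0/0", tokens[1:]
    if tokens[0] == "host":
        if len(tokens) < 2:
            raise ValueError("'host' must be followed by an IP address")
        return f"{ipaddress.IPv4Address(tokens[1])}/32", tokens[2:]
    ipaddress.IPv4Address(tokens[0])  # not a keyword, so it must be an IP
    try:
        net = ipaddress.IPv4Network(f"{tokens[0]}/{tokens[1]}", strict=False)
    except (IndexError, ValueError):
        raise ValueError(f"bare IP {tokens[0]}: write 'host {tokens[0]}' "
                         "or follow it with a netmask") from None
    return str(net), tokens[2:]

def parse_acl(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("expected: access-list NAME permit|deny PROTO ...")
    src, rest = parse_addr(t[4:])
    dst, rest = parse_addr(rest)
    port = None
    if rest:
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError(f"unexpected trailing tokens: {rest}")
        port = rest[1]
    return {"name": t[1], "action": t[2], "proto": t[3],
            "src": src, "dst": dst, "port": port}

def check(line):
    """Return the parsed rule, or the error text for a malformed line."""
    try:
        return parse_acl(line)
    except ValueError as e:
        return f"rejected: {e}"

# Lines taken from the thread, plus one constructed malformed line.
SAMPLES = [
    "access-list inbound permit tcp host 204.11.2.1 any eq 443",
    "access-list inbound permit tcp 128.0.0.0 255.0.0.0 host 12.12.12.12 eq 443",
    "access-list inbound permit tcp 204.11.2.1 any eq 443",  # constructed: no 'host'
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check(s))
```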
