01-16-2004 09:22 AM - edited 02-20-2020 09:23 PM
Greetings,
I'm attempting to allow a specific outside address SSL access to any host on our inside network. I have ACLs like
access-list outside_acl permit tcp <outsidehostIP> <insidehostIP> eq <port>
for most entries, but how do I construct an ACL to allow the single outside host access to any inside host on eq 443? When I designate the access inside to "any" or 0.0.0.0 0.0.0.0, it won't accept the ACL.
I guess I'm missing something.
Thanks.
01-16-2004 04:06 PM
One outside address allowed access to an inside server via SSL.
Outside address being granted access: 12.12.12.12
Inside PUBLIC address of server hosting SSL: 11.11.11.11
Inside PRIVATE address of server hosting SSL: 10.10.10.1
static (inside,outside) 11.11.11.11 10.10.10.1
access-list outside-coming-in permit tcp host 12.12.12.12 host 11.11.11.11 eq 443
access-group outside-coming-in in interface outside
You need to have a static mapping for the inside server that will be accessed. If the server is in the DMZ:
static (dmz,outside) 11.11.11.11 10.10.10.1
access-list outside-coming-in permit tcp host 12.12.12.12 host 11.11.11.11 eq 443
access-group outside-coming-in in interface outside
01-20-2004 04:41 AM
Thanks. I gather from your reply that a one to many relationship is not possible. I have many acls as you've described for access to single inside hosts.
01-20-2004 06:04 AM
One to many? I'm not sure what you mean by that... you can grant multiple addresses access to one server:
access-list inbound permit tcp any host 12.12.12.12 eq 443
or
access-list inbound permit tcp 128.0.0.0 255.0.0.0 host 12.12.12.12 eq 443
or
access-list inbound permit tcp any any eq 443
or
access-list inbound permit tcp host 204.11.2.1 any eq 443
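Added example, not part of this thread: a small Python checker that parses access-list lines in the PIX 6.x syntax used in both replies above and evaluates whether a given flow would match. It assumes PIX semantics of first match with an implicit deny at the end, a normal subnet mask (not an IOS wildcard mask) in the NET MASK form, and it models only the access-list check, not the static translation the first reply says an inside server also needs. The sample ACL lines are constructed for the example; the two function names are the example's own.

```python
import ipaddress

# Constructed sample ACL in the PIX 6.x syntax used in the thread:
# one outside host to any inside address on 443, and a whole /8 to one server.
SAMPLE_ACL = [
    "access-list inbound permit tcp host 204.11.2.1 any eq 443",
    "access-list inbound permit tcp 128.0.0.0 255.0.0.0 host 12.12.12.12 eq 443",
]


def _parse_addr(tokens, i):
    """Parse one PIX address spec at tokens[i]: 'any', 'host A', or 'NET MASK'.

    Returns (ip_network, index of the next unread token). PIX takes a normal
    subnet mask here (255.0.0.0), not an IOS-style wildcard mask.
    """
    t = tokens[i]
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if i + 1 >= len(tokens):
        raise ValueError(f"address spec {t!r} is missing its argument")
    spec = f"{tokens[i + 1]}/32" if t == "host" else f"{t}/{tokens[i + 1]}"
    try:
        return ipaddress.ip_network(spec, strict=False), i + 2
    except ValueError:
        # A bare address followed by 'eq' lands here: PIX wants 'host A' or 'A MASK'.
        raise ValueError(f"bad address/mask pair {t!r} {tokens[i + 1]!r} "
                         "(missing the 'host' keyword?)") from None


def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' into a dict."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list entry: {line!r}")
    name, action, proto = tokens[1], tokens[2], tokens[3]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    src, i = _parse_addr(tokens, 4)
    dst, i = _parse_addr(tokens, i)
    port = None
    if i < len(tokens):
        if tokens[i] != "eq" or i + 1 >= len(tokens):
            raise ValueError(f"expected 'eq PORT', got {' '.join(tokens[i:])!r}")
        port = int(tokens[i + 1])
        i += 2
    if i != len(tokens):
        raise ValueError(f"trailing tokens: {' '.join(tokens[i:])!r}")
    return {"name": name, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}


def syntax_error(line):
    """Return why a line would be rejected, or None if it parses cleanly."""
    try:
        parse_ace(line)
    except ValueError as exc:
        return str(exc)
    return None


def permitted(acl_lines, src_ip, dst_ip, dst_port, proto="tcp"):
    """First-match evaluation with the implicit deny PIX applies after the last entry.

    Only the access-list check is modelled; the static translation an inside
    host also needs for inbound connections is outside this example's scope.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        ace = parse_ace(line)
        if ace["proto"] not in (proto, "ip"):
            continue
        if src in ace["src"] and dst in ace["dst"] and ace["port"] in (None, dst_port):
            return ace["action"] == "permit"
    return False


if __name__ == "__main__":
    print(permitted(SAMPLE_ACL, "204.11.2.1", "11.11.11.50", 443))  # True
    print(permitted(SAMPLE_ACL, "204.11.2.1", "11.11.11.50", 22))   # False
    print(syntax_error("access-list inbound permit tcp any 12.12.12.12 eq 443"))
```

The checker shows the two things the thread turns on: a single `host` source with `any` (or `0.0.0.0 0.0.0.0`, which parses to the same /0) as destination is a valid one-to-many entry restricted to port 443, and a destination written as a bare address without `host` is rejected at parse time, which is the kind of line the firewall refuses as well.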