I'm a newbie to using a PIX firewall and I have inherited a 525 and would like someone to help point me in the right direction for what my company wants. We have a web server in our DMZ that now needs to communicate with Microsoft's Active Directory protocols that are on the inside interface. I have the ports that need to be used, but I must confess I'm a bit stuck with where to go now.
Is it simply a matter of creating a new ACL from the DMZ --> inside?
You are correct. The ACL that is created will be on the DMZ interface. As that traffic is permitted, the return traffic will be allowed back via the ASA, so you don't have to do anything on the inside interface.
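
An added example (not part of the original posts) of the ACL described in the answer, in PIX/ASA CLI syntax. The ACL name `DMZ_IN`, the addresses 172.16.1.10 (web server) and 10.1.1.5 (domain controller), the interface name `dmz` and the port list are assumptions; substitute the ports you already have.

```cisco
! Constructed addresses: 172.16.1.10 = DMZ web server, 10.1.1.5 = inside domain controller.
! DMZ_IN is a hypothetical ACL name; "dmz" is assumed to be the nameif of the DMZ interface.
! The port list is an assumption (commonly used AD services); replace it with your own list.
!
! Scope every entry host-to-host so only the web server can reach only the DC.
! DNS
access-list DMZ_IN permit tcp host 172.16.1.10 host 10.1.1.5 eq 53
access-list DMZ_IN permit udp host 172.16.1.10 host 10.1.1.5 eq 53
! Kerberos
access-list DMZ_IN permit tcp host 172.16.1.10 host 10.1.1.5 eq 88
access-list DMZ_IN permit udp host 172.16.1.10 host 10.1.1.5 eq 88
! NTP (Kerberos depends on clock sync)
access-list DMZ_IN permit udp host 172.16.1.10 host 10.1.1.5 eq 123
! RPC endpoint mapper
access-list DMZ_IN permit tcp host 172.16.1.10 host 10.1.1.5 eq 135
! LDAP and LDAP over TLS
access-list DMZ_IN permit tcp host 172.16.1.10 host 10.1.1.5 eq 389
access-list DMZ_IN permit udp host 172.16.1.10 host 10.1.1.5 eq 389
access-list DMZ_IN permit tcp host 172.16.1.10 host 10.1.1.5 eq 636
! SMB
access-list DMZ_IN permit tcp host 172.16.1.10 host 10.1.1.5 eq 445
!
! Before binding: an ACL ends in an implicit deny, and it applies to ALL traffic
! entering the dmz interface, not only traffic headed inside. Any DMZ-to-outside
! flows that must keep working need their own permit entries in this ACL first.
! If an ACL is already bound to dmz, add the lines above to that ACL instead;
! only one ACL can be bound per interface per direction.
access-group DMZ_IN in interface dmz
!
! No ACL entry is needed on the inside interface for the replies: the firewall
! tracks each permitted connection and allows its return traffic.
!
! On PIX 6.x, or 7.x with nat-control enabled, the DC also needs a translation
! toward the dmz, for example an identity static:
! static (inside,dmz) 10.1.1.5 10.1.1.5 netmask 255.255.255.255
!
! Verify: "show access-list DMZ_IN" lists each entry with a hit counter that
! increases as the web server talks to the DC; entries that stay at zero are
! candidates for removal.
```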