Cisco Support Community

New Member

Problems with PIX 520 with multiple network interfaces.

I have encountered a security access problem. One PIX 520 with four NICs. It has an enet interface with security value 10 and a hbnet interface with security value 20, besides the inside interface with security value 100 and the outside interface with security value 0. I found the problem after I made an ACL policy configuration. Below are the commands:

"outbound 1 deny 0.0.0.0
outbound 1 except 192.168.0.100 tcp
outbound 1 permit 210.25.0.0 255.255.0.0 tcp ; the address space 210.25.0.0 is in the ENET.
apply (inside) 1 outgoing_dest"

Last, the source address host 192.168.0.100 can access the outside network, but unfortunately, it can't access all the destinations in the ENET.

The PIX software version is 4.2(3).

So what is the reason?

Thank you very much.

1 REPLY
Bronze

Re: Problems with PIX 520 with multiple network interfaces.

Never put a deny and a permit in the same ACL. Break them apart into two separate lists. Also, 4.2(3) is pretty old code.
