A host on the DMZ needs to access a specific host on the inside network on a specific port and also needs to have full access to the outside (Internet).
An access list needs to be configured on the DMZ interface.
Create an access list on the DMZ interface that allows a single host on the DMZ to access a single host on the inside on port 25, but also allows all other DMZ hosts to browse out to the Internet.
For example, assume that the DMZ subnet is 192.168.1.0/24 and the inside subnet is 10.10.10.0/24. Host 192.168.1.9 on the DMZ needs to access host 10.10.10.11 on the inside on port 25. Given these addresses, the following commands would be entered.
access-list DMZ permit tcp host 192.168.1.9 host 10.10.10.11 eq 25
access-list DMZ deny ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
!--- Note: eq requires tcp or udp; ip does not accept a port. Use permit ip any any for full outbound access.
access-list DMZ permit tcp any any eq 80
!--- Note: There is an implicit deny ip any any at the end of any access list.
access-group DMZ in interface DMZ
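The access list above depends on first-match ordering: the host-specific permit must come before the DMZ-to-inside deny. The following is an added example, not part of the original document, that models the entries in Python to check that ordering offline. The function name evaluate, the tuple layout, and the sample packets are constructed for illustration, and the third entry is modelled as TCP port 80 on the assumption that web browsing is the intent.

```python
import ipaddress

# (action, protocol, source network, destination network, destination port or None)
# Entries mirror the DMZ access list; the third is modelled as TCP port 80 (assumption).
DMZ_ACL = [
    ("permit", "tcp", "192.168.1.9/32", "10.10.10.11/32", 25),
    ("deny", "ip", "192.168.1.0/24", "10.10.10.0/24", None),
    ("permit", "tcp", "0.0.0.0/0", "0.0.0.0/0", 80),
]

# Same entries with the deny moved first: a constructed misconfiguration.
MISORDERED_ACL = [DMZ_ACL[1], DMZ_ACL[0], DMZ_ACL[2]]


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry index) for the first matching entry.

    If no entry matches, the implicit deny applies and the index is None.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, (action, p, snet, dnet, port) in enumerate(acl):
        if p != "ip" and p != proto:
            continue  # protocol keyword does not cover this packet
        if s not in ipaddress.ip_network(snet):
            continue
        if d not in ipaddress.ip_network(dnet):
            continue
        if port is not None and port != dport:
            continue
        return action, index
    return "deny", None  # implicit deny ip any any


if __name__ == "__main__":
    # Constructed sample packets entering the DMZ interface.
    packets = [
        ("tcp", "192.168.1.9", "10.10.10.11", 25),   # the one allowed inside flow
        ("tcp", "192.168.1.9", "10.10.10.11", 80),   # same hosts, wrong port
        ("tcp", "192.168.1.20", "10.10.10.11", 25),  # different DMZ host
        ("tcp", "192.168.1.20", "203.0.113.5", 80),  # web browsing outbound
        ("udp", "192.168.1.20", "203.0.113.5", 53),  # falls to implicit deny
    ]
    for pkt in packets:
        print(pkt, "correct:", evaluate(DMZ_ACL, *pkt),
              "misordered:", evaluate(MISORDERED_ACL, *pkt))
```

With the deny entry moved to the top, the port 25 flow from 192.168.1.9 to 10.10.10.11 is dropped before its permit is ever reached.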