Hi,
I have a rule dilemma, and hope someone can help me. The default policy for traffic from my LAN to the Internet is allow all (security level of LAN/inside = 100, security level of internet/outside = 0).
The LAN subnet is 192.168.5.0/24, but the hosts are not NATed because we want to force all users to use the proxy server. A certain range of IPs is NATed (192.168.5.32/28). These IPs can access the internet without the proxy.
We want to create another range of IPs (say 192.168.5.193/28) within the same LAN class, but only permitting SSL (443 tcp) to another server on the internet. Here are the steps I plan:
- NAT the 192.168.5.193/28 range, which results in allowing anything to go to the internet
- Put a rule to permit SSL to an internet IP, but still have the default policy for 192.168.5.0/24 to allow all
I am able to do step 1, but I don't know if I can do step 2. If it's possible, what is the command?
Thank you.
LK