Hi, I needed help in understanding the following in the Cisco PIX config. I have network object-groups named SMTP_SERVERS and EXCHANGE_SERVERS, and a service object-group named SMTP.
My query is then: why should I be using the following statement in my config?
"access-list IN permit tcp object-group EXCHANGE_SERVERS object-group SMTP_servers object-group SMTP"
"bruce" wrote in message news: snipped-for-privacy@t1g2000pra.googlegroups.com...
| Hi,
| I needed help in understanding the following in the Cisco PIX
| config ,
| I have network Object-Groups named SMTP_SERVERS,EXCHANGE_SERVERS
| And a Service object-group named SMTP
|
| My Query is then why should I be using the following statement in my
| config
|
| "access-list IN permit tcp object-group EXCHANGE_SERVERS object-group
| SMTP_servers object-group SMTP"
|
| what is the meaning of the above statemen
Hi,
In the access list above EXCHANGE_SERVERS group represents the source address(es), the SMTP_servers group represents the destination address(es) and the SMTP group represents the destination port(s). The use of the various group types is merely an administration convenience.
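The source/destination/port reading described in the reply above can be made concrete by expanding an object-group ACL line into the individual entries it stands for. This is an added example, not code or configuration from either poster: the addresses and ports in the sample config are constructed, `parse_groups` and `expand_acl` are hypothetical helpers, and group names are matched exactly (case-sensitively) as an assumption of this sketch.

```python
import re

# Constructed sample config: group members are illustrative, not from the thread.
CONFIG = """\
object-group network EXCHANGE_SERVERS
 network-object host 10.1.1.10
 network-object host 10.1.1.11
object-group network SMTP_SERVERS
 network-object host 192.0.2.25
 network-object 198.51.100.0 255.255.255.248
object-group service SMTP tcp
 port-object eq smtp
 port-object range 2525 2526
access-list IN permit tcp object-group EXCHANGE_SERVERS object-group SMTP_SERVERS object-group SMTP
"""

def parse_groups(config):
    """Return {group_name: [member text, ...]} from object-group stanzas."""
    groups, current = {}, None
    for line in config.splitlines():
        if line.startswith("object-group "):
            current = groups.setdefault(line.split()[2], [])
        elif line.startswith((" network-object ", " port-object ")) and current is not None:
            current.append(line.strip().partition(" ")[2])
        else:
            current = None  # any other top-level command ends the stanza
    return groups

def expand_acl(config):
    """Expand each object-group ACL line into one ACE per src/dst/port combination."""
    groups = parse_groups(config)
    pattern = re.compile(r"^(access-list \S+ (?:permit|deny) tcp) object-group (\S+) "
                         r"object-group (\S+) object-group (\S+)$")
    aces = []
    for line in config.splitlines():
        m = pattern.match(line)
        if not m:
            continue
        head, src, dst, svc = m.groups()  # order: source, destination, dest port
        for name in (src, dst, svc):
            if name not in groups:
                raise KeyError(f"undefined object-group: {name}")
        aces += [f"{head} {s} {d} {p}"
                 for s in groups[src] for d in groups[dst] for p in groups[svc]]
    return aces

if __name__ == "__main__":
    print("\n".join(expand_acl(CONFIG)))
```

With two members in each group, the single line expands to eight entries, which is the rule set to review when auditing what the ACL actually permits.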
Hi Gabriele, thanks for your response, it made things more clear to me. Though there is some more clarification needed; could you please help out with the following config:
access-group out in interface outside
access-group inside in interface inside
access-group dmz in interface DMZ
route outside 0.0.0.0 0.0.0.0 205.198.114.50 1
Notice in the above-mentioned config there are no corresponding access-list statements for some of the static mappings. Will they work with this type of static mapping for the DMZ? Also, there is one static mapping mapped to the same IP address; I cannot figure this out. Thirdly, there is the 0 0 statement at the end of the static mapping; what is it for?
It has been a while since I last configured a PIX/ASA, but generally a connection is always permitted from a higher security interface to a lower security one as soon as an address translation can be done (on FWSM an ACL must always be in place). From the config statements it seems that there should also be the "inside" and "dmz" ACLs around (unless they've been deleted).
The "0 0" after the statics are most likely the TCP "max connections limit" (none in this case) and TCP "embryonics limit" (none in this case).