Topology:
LAN --- PIX 506E ---- Cisco 2501 ---- Internet
We have the following lines in our router config
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 224.0.0.0 31.255.255.255 any
ACL 100 is an inbound list applied on the serial interface of our Cisco 2501 router, i.e. for traffic coming from the ISP's network (Internet). Behind the router we run a PIX 506 firewall. At the moment we are the main office of an organisation, but we'll soon be implementing a VPN with a branch office that runs the same setup. Their internal subnet is 192.168.2.0/24, ours is 192.168.1.0/24. The VPN will be PIX-to-PIX.

Will ACL 100 affect inbound traffic from the branch because it blocks 192.168.0.0/16 traffic? Even though the VPN is configured via the PIXes, the traffic still has to traverse the router?

Secondly, we also have the following rules on the router:
access-list 102 permit tcp 213.62.0.0 0.0.128.255 host MAIL_GATEWAY eq domain
access-list 102 permit tcp host A host MAIL_GATEWAY eq domain
ACL 102 is an outbound list applied to the Ethernet interface of the router, i.e. traffic to our LAN.
I am curious as to what these lines do. I take it that "eq domain" refers to DNS services, and that the lines signify host A and the 213.62.0.0 0.0.128.255 range [fake IPs] connecting to the gateway on the DNS port, but is there any reason for this?
Thanks.
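The two questions above both come down to how IOS evaluates an extended access list: first match wins, a 0 bit in the wildcard mask must match and a 1 bit is ignored, and an unlisted packet hits the implicit deny. The following evaluator is an added example written for this page; it is not code from the original post or from Cisco. It parses the exact ACL lines quoted above and runs a few constructed packets through them. The addresses for hosts A and MAIL_GATEWAY and the two PIX public addresses are made up from RFC 5737 test ranges, and ACL 100 is given an assumed trailing "permit ip any any" because the post shows only its deny entries. The PIX-to-PIX scenario assumes the tunnel terminates on the PIX outside interfaces, so what the router sees on the serial interface is ESP (and ISAKMP on UDP 500) between the two public addresses, with the 192.168.x.x headers inside the encrypted payload. The example also shows a side effect of the 0.0.128.255 wildcard in ACL 102: it is not contiguous, so it matches 213.62.0.0/24 and 213.62.128.0/24 only.

```python
"""Cisco IOS extended-ACL evaluator (added example, not from the original post).

Labelled assumptions: host names A and MAIL_GATEWAY map to made-up addresses,
the PIX public addresses are constructed from RFC 5737 test ranges, and ACL 100
gets an assumed final permit because the post lists only its deny entries.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                  # "ip", "tcp", "udp", "esp", ...
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every IP protocol
    src: str
    src_wild: str
    dst: str
    dst_wild: str
    dport: Optional[int] = None


PORT_NAMES = {"domain": 53, "smtp": 25, "www": 80, "isakmp": 500}


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is don't-care.
    Masks need not be contiguous, so 0.0.128.255 checks every bit of the
    third octet except the high one."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_ace(line: str, names: dict) -> tuple:
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]', where SRC and
    DST are 'any', 'host NAME', or 'ADDR WILDCARD'."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    acl_num, action, proto = int(tok[1]), tok[2], tok[3]

    def spec(i):
        if tok[i] == "any":
            return "0.0.0.0", "255.255.255.255", i + 1
        if tok[i] == "host":
            return names.get(tok[i + 1], tok[i + 1]), "0.0.0.0", i + 2
        return tok[i], tok[i + 1], i + 2

    src, sw, i = spec(4)
    dst, dw, i = spec(i)
    dport = None
    if i < len(tok) and tok[i] == "eq":
        dport = PORT_NAMES.get(tok[i + 1]) or int(tok[i + 1])
    return acl_num, Ace(action, proto, src, sw, dst, dw, dport)


def evaluate(acl, pkt: Packet) -> str:
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for ace in acl:
        if ace.proto not in ("ip", pkt.proto):
            continue
        if not wildcard_match(pkt.src, ace.src, ace.src_wild):
            continue
        if not wildcard_match(pkt.dst, ace.dst, ace.dst_wild):
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action
    return "deny"


# Constructed addresses (RFC 5737 test ranges), not the poster's real ones.
NAMES = {"A": "203.0.113.55", "MAIL_GATEWAY": "203.0.113.25"}
BRANCH_PIX_PUBLIC = "198.51.100.1"
HQ_PIX_PUBLIC = "203.0.113.1"

ACL_100_LINES = [
    "access-list 100 deny ip 10.0.0.0 0.255.255.255 any",
    "access-list 100 deny ip 172.16.0.0 0.15.255.255 any",
    "access-list 100 deny ip 192.168.0.0 0.0.255.255 any",
    "access-list 100 deny ip 127.0.0.0 0.255.255.255 any",
    "access-list 100 deny ip 224.0.0.0 31.255.255.255 any",
    "access-list 100 permit ip any any",   # assumed; the post shows only denies
]
ACL_102_LINES = [
    "access-list 102 permit tcp 213.62.0.0 0.0.128.255 host MAIL_GATEWAY eq domain",
    "access-list 102 permit tcp host A host MAIL_GATEWAY eq domain",
]


def acl100_decisions() -> dict:
    """Packets arriving on the serial interface. A cleartext LAN-to-LAN packet
    is dropped; the IPsec tunnel carries the PIX public addresses in its outer
    header, so ESP and ISAKMP pass the RFC 1918 filter."""
    acl = [parse_ace(l, NAMES)[1] for l in ACL_100_LINES]
    pkts = {
        "cleartext_branch_lan": Packet("ip", "192.168.2.10", "192.168.1.10"),
        "esp_tunnel": Packet("esp", BRANCH_PIX_PUBLIC, HQ_PIX_PUBLIC),
        "isakmp": Packet("udp", BRANCH_PIX_PUBLIC, HQ_PIX_PUBLIC, 500),
        "spoofed_loopback": Packet("ip", "127.0.0.1", HQ_PIX_PUBLIC),
    }
    return {k: evaluate(acl, p) for k, p in pkts.items()}


def acl102_decisions() -> dict:
    """Outbound on the Ethernet interface: only TCP/53 to MAIL_GATEWAY from the
    two wildcard-matched /24s or from host A is permitted."""
    acl = [parse_ace(l, NAMES)[1] for l in ACL_102_LINES]
    gw = NAMES["MAIL_GATEWAY"]
    pkts = {
        "dns_from_213_62_128": Packet("tcp", "213.62.128.7", gw, 53),
        "dns_from_213_62_1": Packet("tcp", "213.62.1.7", gw, 53),   # mask gap
        "dns_from_host_A": Packet("tcp", NAMES["A"], gw, 53),
        "udp_dns_from_213_62_0": Packet("udp", "213.62.0.9", gw, 53),
    }
    return {k: evaluate(acl, p) for k, p in pkts.items()}


if __name__ == "__main__":
    print(acl100_decisions())
    print(acl102_decisions())
```

Running the script prints the permit/deny verdict for each constructed packet. The point worth keeping in mind as a defender is that ACL 100 matches on the outer IP header the router actually forwards, so it keeps spoofed private sources off the serial interface without touching the tunnel; once the PIX decrypts the traffic, any filtering on 192.168.2.0/24 has to happen on the PIX, not on the router.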