Pix access-list issues

I have a machine on the DMZ that needs access to two http servers on the inside network. In addition, I would also like the DMZ machine to access http servers anywhere on the outside network.

How would I do this without allowing the DMZ machine to access any other machines on the inside network besides those two specific ones?

Thanks in advance,

Vince

vhg119

access-list dmz_acl permit tcp host DMZPRIVATEIP host INSIDEPUBLICIP1 eq http
access-list dmz_acl permit tcp host DMZPRIVATEIP host INSIDEPUBLICIP2 eq http
access-list dmz_acl deny tcp any INSIDEPUBLICIPBASE INSIDEPUBLICIPMASK
access-list dmz_acl permit tcp host DMZPRIVATEIP any eq http
static (inside,dmz) tcp INSIDEPUBLICIP1 http INSIDEPRIVATEIP1 http netmask 255.255.255.255
static (inside,dmz) tcp INSIDEPUBLICIP2 http INSIDEPRIVATEIP2 http netmask 255.255.255.255
Walter Roberson
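
Added example (not part of the original posts, and not Cisco code): a small first-match evaluator showing why the order of the four dmz_acl entries above matters. The addresses are constructed stand-ins for the thread's placeholders, destinations are as seen from the DMZ, and the static translations are not modelled.

```python
import ipaddress

# Constructed sample addresses standing in for the thread's placeholders.
DMZ_HOST = "192.168.50.10"     # DMZPRIVATEIP
INSIDE_WEB1 = "10.1.1.21"      # INSIDEPUBLICIP1
INSIDE_WEB2 = "10.1.1.22"      # INSIDEPUBLICIP2
INSIDE_NET = "10.1.1.0/24"     # INSIDEPUBLICIPBASE / INSIDEPUBLICIPMASK
ANY = "0.0.0.0/0"

# (action, protocol, source, destination, destination port or None for any)
DMZ_ACL = [
    ("permit", "tcp", DMZ_HOST + "/32", INSIDE_WEB1 + "/32", 80),
    ("permit", "tcp", DMZ_HOST + "/32", INSIDE_WEB2 + "/32", 80),
    ("deny",   "tcp", ANY,              INSIDE_NET,          None),
    ("permit", "tcp", DMZ_HOST + "/32", ANY,                 80),
]

# Same entries with the broad permit moved to the top (the mistake to avoid).
MISORDERED_ACL = [DMZ_ACL[3]] + DMZ_ACL[:3]


def evaluate(acl, proto, src, dst, dport):
    """Return (action, index) of the first matching entry.

    Entries are checked top to bottom and the first match decides; traffic
    that matches nothing hits the implicit deny at the end of the list.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, p, snet, dnet, port) in enumerate(acl):
        if (p == proto
                and s in ipaddress.ip_network(snet)
                and d in ipaddress.ip_network(dnet)
                and port in (None, dport)):
            return action, i
    return "deny", None


if __name__ == "__main__":
    probes = [(INSIDE_WEB1, 80), (INSIDE_WEB2, 80), ("10.1.1.50", 80),
              (INSIDE_WEB1, 22), ("203.0.113.5", 80), ("203.0.113.5", 443)]
    for dst, port in probes:
        print(dst, port,
              "ordered:", evaluate(DMZ_ACL, "tcp", DMZ_HOST, dst, port),
              "misordered:", evaluate(MISORDERED_ACL, "tcp", DMZ_HOST, dst, port))
```

With the broad "any eq http" permit first, the DMZ host reaches every inside web server, which is exactly what the deny line is placed to prevent.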

Thanks Walter, that worked great. I'm still suffering from a bit of culture shock coming from an IPCHAINS frame of mind.

vhg119