On Sep 8, 10:50 pm, "Gabriele Beltrame" <bel...@drvsource.net> wrote:
> "bruce" <hpm...@gmail.com> wrote in message news:ddbec153-5b5b-4098-b1e1-...
> | Hi,
> | I needed help in understanding the following in the Cisco PIX
> | config,
> | I have network Object-Groups named SMTP_SERVERS, EXCHANGE_SERVERS
> | And a Service object-group named SMTP
> |
> | My Query is then why should I be using the following statement in my
> | config
> |
> | "access-list IN permit tcp object-group EXCHANGE_SERVERS object-group
> | SMTP_servers object-group SMTP"
> |
> | what is the meaning of the above statement
>
> Hi,
>
> In the access list above EXCHANGE_SERVERS group represents the source
> address(es), the SMTP_servers group represents the destination address(es)
> and the SMTP group represents the destination port(s).
> The use of the various group types is merely an administration convenience.
>
> Regards,
> Gabriele

Hi Gabriele,
Thanks for your response, it made things more clear to me. Though there
is some more clarification needed, could you please help out?
In the following config:

nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security10
object-group network SMTP_SERVERS
network-object host 129.17.10.51
network-object host 129.17.10.52
network-object host 129.17.10.53
network-object host 129.17.10.54
access-list out permit tcp host 203.17.40.10 host 205.198.114.54 eq smtp
access-list out permit tcp any host 205.198.114.55 eq https
access-list out permit tcp host 203.17.40.11 host 205.198.114.54 eq smtp
access-list out permit tcp any host 205.198.114.53 eq smtp
access-list out permit tcp host 203.17.40.3 host 205.198.114.54 eq smtp
logging host DMZ 129.17.10.53
ip address outside 205.198.114.49 255.255.255.240
ip address inside 129.17.10.30 255.255.255.240
ip address DMZ 129.17.10.78 255.255.255.240
global (outside) 1 interface
global (DMZ) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (DMZ) 0 0.0.0.0 0.0.0.0 0 0
static (DMZ,outside) 205.198.114.54 129.17.10.51 netmask 255.255.255.255 0 0
static (DMZ,outside) 205.198.114.53 129.17.10.52 netmask 255.255.255.255 0 0
static (DMZ,outside) 205.198.114.55 129.17.10.50 netmask 255.255.255.255 0 0
static (inside,DMZ) 129.17.8.128 172.27.8.128 netmask 255.255.255.128 0 0
static (DMZ,outside) 205.198.114.56 129.17.10.54 netmask 255.255.255.255 0 0
static (DMZ,outside) 205.198.114.57 129.17.10.55 netmask 255.255.255.255 0 0
static (DMZ,outside) 205.198.114.58 129.17.10.53 netmask 255.255.255.255 0 0
access-group out in interface outside
access-group inside in interface inside
access-group dmz in interface DMZ
route outside 0.0.0.0 0.0.0.0 205.198.114.50 1

Notice that in the above-mentioned config there are no corresponding
access-list statements for some of the static mappings. Will they work
with this type of static mapping for the DMZ?
Also, there is one static mapping mapped to the same IP address; I
cannot figure this out.
Thirdly, there is the 0 0 statement at the end of the static mapping.
What is it for?
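
An added example, not part of either post: a small Python check over the access-list, static and access-group lines of the config posted above, listing which statics mapped onto the outside interface have no permit entry in the ACL bound inbound to that interface. It assumes the syntax as posted (the ACL names the mapped address as destination), handles only `any`, `host` and address/mask specs (not object-group references), and its function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: lines taken from the config posted above, wrapped lines rejoined.
CONFIG = """\
access-list out permit tcp host 203.17.40.10 host 205.198.114.54 eq smtp
access-list out permit tcp any host 205.198.114.55 eq https
access-list out permit tcp host 203.17.40.11 host 205.198.114.54 eq smtp
access-list out permit tcp any host 205.198.114.53 eq smtp
access-list out permit tcp host 203.17.40.3 host 205.198.114.54 eq smtp
static (DMZ,outside) 205.198.114.54 129.17.10.51 netmask 255.255.255.255 0 0
static (DMZ,outside) 205.198.114.53 129.17.10.52 netmask 255.255.255.255 0 0
static (DMZ,outside) 205.198.114.55 129.17.10.50 netmask 255.255.255.255 0 0
static (inside,DMZ) 129.17.8.128 172.27.8.128 netmask 255.255.255.128 0 0
static (DMZ,outside) 205.198.114.56 129.17.10.54 netmask 255.255.255.255 0 0
static (DMZ,outside) 205.198.114.57 129.17.10.55 netmask 255.255.255.255 0 0
static (DMZ,outside) 205.198.114.58 129.17.10.53 netmask 255.255.255.255 0 0
access-group out in interface outside
"""

def take_addr(tok, i):
    """Parse 'any', 'host IP' or 'IP MASK' at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1]), i + 2
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}", strict=False), i + 2

def unpermitted_statics(config, iface="outside"):
    """(mapped, real) pairs of statics facing iface that no permit ACE on iface names."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    bound = {t[1] for t in lines
             if t[0] == "access-group" and t[2:] == ["in", "interface", iface]}
    dests = []
    for t in lines:
        if t[0] == "access-list" and t[1] in bound and t[2] == "permit":
            _, i = take_addr(t, 4)            # skip the source spec
            dests.append(take_addr(t, i)[0])  # keep the destination spec
    missing = []
    for t in lines:
        m = re.fullmatch(r"\((\w+),(\w+)\)", t[1]) if t[0] == "static" else None
        if m and m.group(2) == iface:         # static is mapped onto iface
            mapped = ipaddress.ip_address(t[2])
            if not any(mapped in d for d in dests):
                missing.append((t[2], t[3]))
    return missing

if __name__ == "__main__":
    print(unpermitted_statics(CONFIG))
```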