PIX Outbound ACL for internal address

Discussion in 'Cisco' started by Sam, Jun 4, 2007.

  1. Sam

    Sam Guest

    I have a requirement for clients on a VLAN to access the internet (no
    problem) and to access a web server (a problem). If we move the
    webserver to the 2nd VLAN we would want clients to access the internet,
    but only to access this one machine's web server. My idea was to use a
    PIX firewall as we need some method of providing clients with a DHCP
    address (along with a few other reasons).

    The webserver would sit outside the PIX, so internal wireless clients
    would be going outbound to it, meaning this is NOT on the same network.

    Can I specify in the PIX to allow outbound access to the internet, but
    then specify access to this one server only through port 80? In other
    words I want to specify that the only traffic allowed on a 192.168.1.0
    network is to machine 192.168.1.2 on port 80. All other networks are
    allowed, i.e. all external WANs.
     
    Sam, Jun 4, 2007
    #1

  2. Sam

    CK Guest

    What are you currently using for VLAN, and do you have inter-VLAN
    routing enabled on it?
    Anyway, you need to do VLAN configuration on the PIX as well.
    All your issues will be resolved a. In the PIX you need to create an ACL
    according to the requirement and a one-to-one NAT on port 80 for the
    webserver.



    On Jun 4, 7:34 pm, Sam <> wrote:
    > I have a requirement for clients on a VLAN to access the internet (no
    > problem) and to access a web server (a problem). If we move the
    > webserver to the 2nd VLAN we would want clients to access the internet,
    > but only to access this one machine's web server. My idea was to use a
    > PIX firewall as we need some method of providing clients with a DHCP
    > address (along with a few other reasons).
    >
    > The webserver would sit outside the PIX, so internal wireless clients
    > would be going outbound to it, meaning this is NOT on the same network.
    >
    > Can I specify in the PIX to allow outbound access to the internet, but
    > then specify access to this one server only through port 80? In other
    > words I want to specify that the only traffic allowed on a 192.168.1.0
    > network is to machine 192.168.1.2 on port 80. All other networks are
    > allowed, i.e. all external WANs.
     
    CK, Jun 5, 2007
    #2
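
An outbound ACL matching the requirement in the question, as an added example that is not from either poster. The ACL name `inside_out`, the interface name `inside` and the 255.255.255.0 mask for the 192.168.1.0 network are assumptions.

```cisco
! Constructed example. Assumed names: ACL "inside_out", interface "inside",
! and a 255.255.255.0 mask for the 192.168.1.0 network.
! PIX access-lists take subnet masks (not IOS-style wildcard masks) and are
! evaluated top-down, first match wins, so the host permit must come first.

! 1. Clients may reach the web server, TCP port 80 only.
access-list inside_out permit tcp any host 192.168.1.2 eq www

! 2. Everything else destined for the 192.168.1.0 network is dropped.
access-list inside_out deny ip any 192.168.1.0 255.255.255.0

! 3. All other destinations (the internet) stay reachable.
!    Without this line the implicit deny at the end of the ACL would block them.
access-list inside_out permit ip any any

! Bind the ACL to traffic arriving on the inside interface.
access-group inside_out in interface inside
```

`show access-list inside_out` lists a hit counter per entry, which confirms that web traffic matches the first line and other traffic to 192.168.1.0 matches the deny.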