PIX Outbound ACL for internal address

Discussion in 'Cisco' started by Sam, Jun 4, 2007.

  1. Sam

    Sam Guest

    I have a requirement for clients on a VLAN to access the internet (no
    problem) and to access a web server (a problem). If we move the
    webserver to the 2nd VLAN we would want clients to access the internet,
    but only to access this one machine's web server. My idea was to use a
    PIX firewall as we need some method of providing clients with a DHCP
    address (along with a few other reasons).

    The webserver would sit outside the PIX, so internal wireless clients
    would be going outbound to it, meaning this is NOT on the same network.

    Can I specify in the PIX to allow outbound access to the internet, but
    then specify access to this one server only through port 80? In other
    words, I want to specify that the only traffic allowed on a 192.168.1.0
    network is to machine 192.168.1.2 on port 80. All other networks are
    allowed, i.e. all external WANs.
     
    Sam, Jun 4, 2007
    #1

  2. Sam

    CK Guest

    What are you currently using for VLAN, and do you have inter-VLAN
    routing enabled on it?
    Anyways, you need to do VLAN configuration on the PIX as well.
    All your issues will be resolved a. In the PIX you need to create an ACL
    according to the requirement and one-to-one NAT on port 80 for the
    webserver.
     
    CK, Jun 5, 2007
    #2