Hi there,
Say initially I have the following rules, which limit what WAN services can be accessed from my LAN segment:
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq www
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq https
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq ftp
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq ftp-data
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq pop3
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq smtp
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq telnet
If I add this rule to allow traffic to my VPN peer:
access-list 101 permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
What will the effective rules be then? Will the PIX be smart enough to allow the specified TCP traffic from LAN to WAN, but allow all TCP traffic from LAN to the VPN peer's LAN?
Thanks so much for your help!
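As an added example (not code from the original post), here is a small Python evaluator that parses access-list 101 with the VPN line appended and applies the PIX ordered, first-match semantics with the implicit deny at the end, so you can see which flows the combined list permits; the service-name to port mapping and the sample packets are assumptions.

```python
import ipaddress
from collections import namedtuple

# Standard service-name to port mapping for the names in the ACL (assumed).
PORT_NAMES = {"www": 80, "https": 443, "ftp": 21, "ftp-data": 20,
              "pop3": 110, "smtp": 25, "telnet": 23}

# Constructed copy of access-list 101 from the post, with the VPN line appended.
ACL_TEXT = """
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq www
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq https
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq ftp
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq ftp-data
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq pop3
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq smtp
access-list 101 permit tcp 10.1.1.0 255.255.255.0 any eq telnet
access-list 101 permit tcp 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
"""

# One access-control entry; dport None means any destination port.
Ace = namedtuple("Ace", "action proto src dst dport")

def parse_net(tokens):
    """Consume 'any' or 'addr mask'; PIX ACLs use real netmasks, not wildcard masks."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_ace(line):
    """Parse: access-list <id> <permit|deny> <proto> <src> <dst> [eq <port>]."""
    t = line.split()
    src, rest = parse_net(t[4:])
    dst, rest = parse_net(rest)
    dport = None
    if rest[:1] == ["eq"]:
        dport = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return Ace(t[2], t[3], src, dst, dport)

def evaluate(acl, proto, src_ip, dst_ip, dport):
    """Top-down, first match wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in acl:
        if (ace.proto in (proto, "ip") and src in ace.src and dst in ace.dst
                and ace.dport in (None, dport)):
            return ace.action
    return "deny (implicit)"

ACL = [parse_ace(l) for l in ACL_TEXT.strip().splitlines()]
```

Because every entry is a permit, order does not matter here: TCP on any port from 10.1.1.0/24 to 10.2.2.0/24 is permitted by the last line, TCP to the rest of the WAN is still limited to the listed services, and non-TCP traffic to the VPN peer still falls through to the implicit deny.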