Suggested prerequisite reading:
»Cisco Forum FAQ »Basic Internet Firewall ACL for Routers without IOS image Firewall feature
On these sample configurations, it is assumed the following occur
* There are at least three network segments; outside (i.e. WAN or The Internet), inside (LAN), DMZ
* These segments are within their own subnet (Layer-3 separation)
* Inside subnet is 10.0.0.0/24 and DMZ subnet is 10.0.1.0/24
Sample #1: Total Separation between Inside and DMZ
This sample assumes the following
* Internet-only access for DMZ
* DMZ cannot access inside
* Inside cannot access DMZ
Sample #2: Restricted Access on DMZ specific services from Inside
This sample assumes the following
* Internet-only access for DMZ
* DMZ cannot access inside
* Inside can access DMZ only for web (TCP port 80) and email (TCP port 25)
Sample #3: Restricted Access on DMZ most applications from Inside
This sample assumes the following
* Internet-only access for DMZ
* DMZ cannot access inside
* Inside can access DMZ on any TCP-based application and DNS (TCP and UDP port 53)
* Note that most applications are TCP-based. Therefore this sample applies to most network
 feedback form
 feedback form
by aryoba 
last modified: 2008-05-29 10:43:54 |
