Suggested prerequisite reading: Cisco Forum FAQ » Basic Internet Firewall ACL for Routers without IOS image Firewall feature
These sample configurations assume the following:
* There are at least three network segments: outside (i.e. WAN or the Internet), inside (LAN), and DMZ
* These segments are each within their own subnet (Layer-3 separation)
* The inside subnet is 10.0.0.0/24 and the DMZ subnet is 10.0.1.0/24
Sample #1: Total Separation between Inside and DMZ
This sample assumes the following:
* Internet-only access for DMZ
* DMZ cannot access inside
* Inside cannot access DMZ
Sample #2: Restricted Access on DMZ specific services from Inside
This sample assumes the following:
* Internet-only access for DMZ
* DMZ cannot access inside
* Inside can access DMZ only for web (TCP port 80) and email (TCP port 25)
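As an added example (not the configuration from the original FAQ), these ACLs implement Sample #2. The ACL names and the interface names (FastEthernet0/0 inside, FastEthernet0/1 DMZ) are assumptions. Because the router is filtering statelessly, the DMZ-side ACL must explicitly allow the return half of the web and SMTP sessions that inside clients open, which is what the `established` keyword does: it matches only TCP segments with the ACK or RST bit set, i.e. replies to an existing connection, never a fresh SYN.

```cisco
! Traffic entering the router from the inside LAN
ip access-list extended INSIDE-IN
 remark Inside may open web and SMTP sessions to the DMZ
 permit tcp 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255 eq 80
 permit tcp 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255 eq 25
 remark Everything else toward the DMZ is blocked
 deny   ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255 log
 remark Inside may reach the Internet
 permit ip 10.0.0.0 0.0.0.255 any
!
! Traffic entering the router from the DMZ
ip access-list extended DMZ-IN
 remark Only replies (ACK/RST set) from the DMZ web and SMTP servers back to inside
 permit tcp 10.0.1.0 0.0.0.255 eq 80 10.0.0.0 0.0.0.255 established
 permit tcp 10.0.1.0 0.0.0.255 eq 25 10.0.0.0 0.0.0.255 established
 remark DMZ cannot initiate anything toward inside; log attempts
 deny   ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255 log
 remark Internet-only access for DMZ
 permit ip 10.0.1.0 0.0.0.255 any
!
interface FastEthernet0/0
 ip access-group INSIDE-IN in
!
interface FastEthernet0/1
 ip access-group DMZ-IN in
```

Entry order matters: the two `permit tcp ... eq 80/25` lines sit above the `deny ip` line because IOS stops at the first match. The caveat with `established` is that it checks TCP flag bits only, not connection state, so a DMZ host could still send ACK-flagged segments sourced from port 80 or 25 toward the inside subnet; those packets reach the inside hosts' TCP stacks, which will reject them for unknown connections, but this is the known limit of stateless ACLs. Where the router supports reflexive ACLs or the IOS Firewall `ip inspect` feature, a stateful return-traffic rule is the stronger option.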
Sample #3: Restricted Access on DMZ most applications from Inside
This sample assumes the following:
* Internet-only access for DMZ
* DMZ cannot access inside
* Inside can access DMZ on any TCP-based application and DNS (TCP and UDP port 53)
* Note that most applications are TCP-based. Therefore this sample applies to most networks
by aryoba  last modified: 2008-05-29 10:43:54 |