Information about extended access rules, Access rules for returning traffic – Cisco ASA 5505 User Manual

Page 674

34-4

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 34 Configuring Access Rules

Information About Access Rules

Figure 34-1

Outbound Access List

See the following commands for this example:

hostname(config)# access-list OUTSIDE extended permit tcp host 10.1.1.14

host 209.165.200.225 eq www

hostname(config)# access-list OUTSIDE extended permit tcp host 10.1.2.67

host 209.165.200.225 eq www

hostname(config)# access-list OUTSIDE extended permit tcp host 10.1.3.34

host 209.165.200.225 eq www

hostname(config)# access-group OUTSIDE out interface outside

Information About Extended Access Rules

This section describes information about extended access rules and includes the following topics:

•

Access Rules for Returning Traffic, page 34-4

•

Allowing Broadcast and Multicast Traffic through the Transparent Firewall Using Access Rules,
page 34-5

•

Management Access Rules, page 34-5

Access Rules for Returning Traffic

For TCP and UDP connections for both routed and transparent mode, you do not need an access rule to
allow returning traffic because the ASA allows all returning traffic for established, bidirectional
connections.

Web Server:

209.165.200.225

Inside

Eng

Outside

Static NAT

209.165.201.4

10.1.1.14

Static NAT

209.165.201.6

10.1.2.67

Static NAT

209.165.201.8

10.1.3.34

ACL Outbound

Permit HTTP from

10.1.1.14

10.1.2.67

and

10.1.3.34

209.165.200.225

Deny all others

ACL Inbound

Permit from

any

ACL Inbound

Permit from

any

ACL Inbound

Permit from

any

ASA

333823

This manual is related to the following products:

ASA 5585-X ASA 5555-X ASA 5545-X ASA 5525-X ASA 5515-X ASA 5512-X ASA 5580 ASA 5550 ASA 5540 ASA 5520 ASA 5510 ASA 5500 Series