Chapter 8 Create Firewall
How Do I...
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
If you create an access rule in the ACL Editor available in Additional Tasks, you
have complete control over the permit and deny statements in the rule, and you
must ensure that traffic is permitted between VPN peers. The following
statements are examples of the types of statements that should be included in the
configuration to permit VPN traffic:
access-list 105 permit ahp host 123.3.4.5 host 192.168.0.1
access-list 105 permit esp host 123.3.4.5 host 192.168.0.1
access-list 105 permit udp host 123.3.4.5 host 192.168.0.1 eq isakmp
access-list 105 permit udp host 123.3.4.5 host 192.168.0.1 eq non500-isakmp
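The following is an added example, not part of the Cisco guide or of SDM: a Python check that a hand-written access rule still permits the four kinds of VPN traffic shown above between two peers, evaluated first match wins with the implicit deny at the end. The function and constant names are hypothetical, and it assumes entries use only the `host` and `any` address forms; entries written with wildcard masks are skipped.

```python
import re

# IOS keywords for IKE (UDP 500) and NAT-T (UDP 4500), and protocol numbers.
PORTS = {"isakmp": "500", "non500-isakmp": "4500"}
PROTOS = {"50": "esp", "51": "ahp", "17": "udp"}
# What the guide's sample statements permit between two VPN peers.
REQUIRED = [("ahp", None), ("esp", None), ("udp", "500"), ("udp", "4500")]

ENTRY = re.compile(
    r"access-list\s+(?P<acl>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host\s+\S+)\s+(?P<dst>any|host\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$")

# Constructed sample: the four statements shown in the guide.
SAMPLE = """\
access-list 105 permit ahp host 123.3.4.5 host 192.168.0.1
access-list 105 permit esp host 123.3.4.5 host 192.168.0.1
access-list 105 permit udp host 123.3.4.5 host 192.168.0.1 eq isakmp
access-list 105 permit udp host 123.3.4.5 host 192.168.0.1 eq non500-isakmp
"""

def _covers(spec, addr):
    """True if an ACL address spec ('any' or 'host x') matches addr."""
    return spec == "any" or spec.split()[-1] == addr

def missing_vpn_permits(config, acl, peer, local):
    """Return the (protocol, port) pairs that ACL `acl` does not permit from
    `peer` to `local`; the first matching entry decides, as on the router."""
    entries = []
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if m and m["acl"] == str(acl):
            proto = m["proto"].lower()
            entries.append((m["action"], PROTOS.get(proto, proto), m["src"],
                            m["dst"], PORTS.get(m["port"], m["port"])))
    missing = []
    for proto, port in REQUIRED:
        verdict = "deny"  # implicit deny at the end of every ACL
        for action, e_proto, src, dst, e_port in entries:
            if (e_proto in (proto, "ip") and e_port in (None, port)
                    and _covers(src, peer) and _covers(dst, local)):
                verdict = action
                break
        if verdict != "permit":
            missing.append((proto, port))
    return missing

if __name__ == "__main__":
    print(missing_vpn_permits(SAMPLE, 105, "123.3.4.5", "192.168.0.1"))
```

An empty list means all four traffic types are permitted; any pair returned names a protocol (and UDP port) that the rule blocks or never permits for that peer pair.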
How Do I Permit Specific Traffic Through a DMZ Interface?
Follow the steps below to configure access through your firewall to a web server
on a DMZ network:
Step 1 From the left frame, select Firewall and ACL.
Step 2 Select Advanced Firewall.
Step 3 Click Launch the Selected Task.
Step 4 Click Next.
The Advanced Firewall Interface Configuration screen appears.
Step 5 In the Interface table, select which interfaces connect to networks inside your
firewall and which interfaces connect to networks outside the firewall.
Step 6 From the DMZ Interface field, select the interface that connects to your DMZ
network.
Step 7 Click Next>.
Step 8 In the IP Address field, enter the IP address or range of IP addresses of your web
server(s).
Step 9 From the Service field, select TCP.
Step 10 In the Port field, enter 80 or www.
Step 11 Click Next>.
Step 12 Click Finish.