Firewall
Firewall and NAT Rule Configuration Examples
Cisco ISA500 Series Integrated Security Appliances Administration Guide
Allowing Inbound Traffic from Specified Range of Outside Hosts
Use Case: You want to allow incoming video conferencing to be initiated from a
restricted range of outside IP addresses (132.177.88.2 to 132.177.88.254). In the
example, connections for CU-SeeMe (an Internet video-conferencing client) are
allowed only from a specified range of external IP addresses.
Solution: Perform the following tasks to complete the configuration:
STEP 1 Go to the Networking > Address Management page to create an address object
with the range 132.177.88.2 to 132.177.88.254 called “OutsideNetwork” and a host
address object with the IP 192.168.75.110 called “InternalIP.”
STEP 2 Go to the Firewall > NAT > Port Forwarding page to create a port forwarding rule
as follows.
STEP 3 Go to the Firewall > Access Control > ACL Rules page and create the ACL rule as
described below.
Port forwarding rule (STEP 2):
Original Service: CU-SEEME
Translated Service: CU-SEEME
Translated IP: InternalIP
WAN: WAN1
WAN IP: WAN1_IP
Enable Port Forwarding: On
Create Firewall Rule: Off

ACL rule (STEP 3):
From Zone: WAN
To Zone: LAN
Match Action: Permit
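The following is an added example, not part of the Cisco guide: a small Python model of the rule above that lists the CIDR blocks covering the OutsideNetwork range exactly and builds a boundary test matrix to check after configuration. The CU-SEEME port range and the default deny for unmatched WAN-to-LAN traffic are assumptions; confirm both on the appliance.

```python
import ipaddress

# Values taken from the use case above.
RANGE_FIRST = ipaddress.IPv4Address("132.177.88.2")
RANGE_LAST = ipaddress.IPv4Address("132.177.88.254")
INTERNAL_IP = ipaddress.IPv4Address("192.168.75.110")

# Assumption: the CU-SEEME service object covers ports 7648-7652.
# Replace with the definition shown on the appliance.
CUSEEME_PORTS = range(7648, 7653)


def outside_network_cidrs():
    """Return the CIDR blocks that cover the OutsideNetwork range exactly.

    The range is not a /24: it leaves out .0, .1 and .255, so a device
    that only accepts prefixes needs several entries to express it.
    """
    blocks = ipaddress.summarize_address_range(RANGE_FIRST, RANGE_LAST)
    return [str(b) for b in blocks]


def expected_action(src_ip, dst_port):
    """Expected verdict for a WAN connection forwarded to InternalIP.

    Assumption: WAN-to-LAN traffic matching no permit rule is denied.
    """
    src = ipaddress.IPv4Address(src_ip)
    if RANGE_FIRST <= src <= RANGE_LAST and dst_port in CUSEEME_PORTS:
        return "permit"
    return "deny"


# Constructed test sources: both edges of the range, one address just
# outside each edge, and an in-range source on a non-CU-SeeMe port.
TEST_CASES = [
    ("132.177.88.1", 7648),
    ("132.177.88.2", 7648),
    ("132.177.88.254", 7648),
    ("132.177.88.255", 7648),
    ("132.177.88.100", 80),
]


def build_matrix():
    """Pair each constructed case with the verdict the rule should give."""
    return [(ip, port, expected_action(ip, port)) for ip, port in TEST_CASES]


if __name__ == "__main__":
    print("\n".join(outside_network_cidrs()))
    for row in build_matrix():
        print(*row)
```

Comparing the matrix against connection attempts from test hosts, or against the firewall log, confirms that the edges of the address object behave as intended.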