Inbound And Outbound Access List Overview - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Chapter 15
Permitting or Denying Network Access
Then, if you want to allow only certain hosts on the inside networks to access a web server on the outside
network, you can create a more restrictive access list that allows only the specified hosts and apply it to
the outbound direction of the outside interface (see Figure 15-1). See the "IP Addresses Used for Access
Lists When You Use NAT" section on page 13-3 for information about NAT and IP addresses. The
outbound access list prevents any other hosts from reaching the outside network.

Figure 15-2 Outbound Access List

[Figure: the FWSM sits between the web server 209.165.200.225 on the Outside interface and the Inside, HR, and Eng interfaces.
Outside, ACL Outbound: permit HTTP from 209.165.201.4, 209.165.201.6, and 209.165.201.8 to 209.165.200.225; deny all others.
Inside, HR, and Eng, ACL Inbound: permit from any to any.
Static NAT: 10.1.1.14 to 209.165.201.4 (Inside), 10.1.2.67 to 209.165.201.6 (HR), 10.1.3.34 to 209.165.201.8 (Eng).]

See the following commands for this example:
hostname(config)# access-list INSIDE extended permit ip any any
hostname(config)# access-group INSIDE in interface inside
hostname(config)# access-list HR extended permit ip any any
hostname(config)# access-group HR in interface hr
hostname(config)# access-list ENG extended permit ip any any
hostname(config)# access-group ENG in interface eng
hostname(config)# access-list OUTSIDE extended permit tcp host 209.165.201.4 host 209.165.200.225 eq www
hostname(config)# access-list OUTSIDE extended permit tcp host 209.165.201.6 host 209.165.200.225 eq www
hostname(config)# access-list OUTSIDE extended permit tcp host 209.165.201.8 host 209.165.200.225 eq www
hostname(config)# access-group OUTSIDE out interface outside

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
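The following Python model is an added example, not part of the Cisco guide: it evaluates the OUTSIDE access list from the commands above against the mapped (post-NAT) source addresses shown in Figure 15-2, first match wins, with the implicit deny at the end. It assumes TCP only, the single ACE form used on this page, and that a host with no static NAT entry is compared with its real address; parse_ace and outbound_verdict are illustrative names.

```python
import ipaddress

# ACL lines copied from the page's example (CLI prompt stripped).
OUTSIDE_ACL = """\
access-list OUTSIDE extended permit tcp host 209.165.201.4 host 209.165.200.225 eq www
access-list OUTSIDE extended permit tcp host 209.165.201.6 host 209.165.200.225 eq www
access-list OUTSIDE extended permit tcp host 209.165.201.8 host 209.165.200.225 eq www
"""

# Static NAT pairs from Figure 15-2: real address -> mapped address.
STATIC_NAT = {
    "10.1.1.14": "209.165.201.4",   # Inside
    "10.1.2.67": "209.165.201.6",   # HR
    "10.1.3.34": "209.165.201.8",   # Eng
}
PORT_NAMES = {"www": 80}  # only the port keyword used on this page


def parse_ace(line):
    """Parse the 'permit|deny tcp host A host B eq P' form used above."""
    t = line.split()
    if len(t) != 11 or (t[0], t[2], t[4], t[5], t[7], t[9]) != (
            "access-list", "extended", "tcp", "host", "host", "eq"):
        raise ValueError(f"unsupported ACE form: {line!r}")
    port = PORT_NAMES[t[10]] if t[10] in PORT_NAMES else int(t[10])
    return t[3], ipaddress.ip_address(t[6]), ipaddress.ip_address(t[8]), port


def outbound_verdict(real_src, dst, dport, acl_text=OUTSIDE_ACL, nat=STATIC_NAT):
    """First-match evaluation of the outbound ACL on the outside interface.
    The ACL is compared against the mapped (post-NAT) source address.
    Assumption of this model: TCP only; unmapped hosts keep their real address."""
    mapped = ipaddress.ip_address(nat.get(real_src, real_src))
    dst = ipaddress.ip_address(dst)
    for line in acl_text.splitlines():
        action, ace_src, ace_dst, ace_port = parse_ace(line)
        if (mapped, dst, dport) == (ace_src, ace_dst, ace_port):
            return action
    return "deny"  # implicit deny at the end of every access list


if __name__ == "__main__":
    # 10.1.1.15 is a constructed host with no permit entry.
    for host in ("10.1.1.14", "10.1.2.67", "10.1.3.34", "10.1.1.15"):
        print(host, "->", outbound_verdict(host, "209.165.200.225", 80))
```

An access list written with the real address 10.1.1.14 instead of 209.165.201.4 would fall through to the implicit deny in this model, which is why the page's OUTSIDE entries use the mapped addresses.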
