Chapter 8 Create Firewall
How Do I...
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
If you create an access rule in the ACL Editor available in Additional Tasks, you
have complete control over the permit and deny statements in the rule, and you
must ensure that traffic is permitted between VPN peers. The following
statements are examples of the types of statements that should be included in the
configuration to permit VPN traffic:
access-list 105 permit ahp host 123.3.4.5 host 192.168.0.1
access-list 105 permit esp host 123.3.4.5 host 192.168.0.1
access-list 105 permit udp host 123.3.4.5 host 192.168.0.1 eq isakmp
access-list 105 permit udp host 123.3.4.5 host 192.168.0.1 eq non500-isakmp
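One way to check a hand-written access rule for the VPN statements listed above, as an added example that is not part of the Cisco guide: it parses the entry forms shown here (host, any, address plus wildcard, optional eq port on the destination) and evaluates them first-match, as IOS does. The function names and the sample ACL are constructed for illustration.

```python
import ipaddress

PORTS = {"isakmp": 500, "non500-isakmp": 4500}  # IOS keywords for the IKE UDP ports
# Traffic the statements above permit between peers: (protocol, UDP destination port)
REQUIRED = [("ahp", None), ("esp", None), ("udp", 500), ("udp", 4500)]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):  # consume 'any', 'host A' or 'A wildcard'; return ((base, wild), rest)
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse(line):  # access-list <n> <permit|deny> <proto> <src> <dst> [eq <port>]
    tok = line.split()
    src, rest = _addr(tok[4:])
    dst, rest = _addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return tok[2], tok[3], src, dst, port

def _hit(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (_ip(ip) | wild) == (base | wild)

def first_match(entries, proto, src, dst, port):  # IOS stops at the first matching entry
    for action, p, s, d, eport in entries:
        if p in ("ip", proto) and _hit(s, src) and _hit(d, dst) and eport in (None, port):
            return action
    return "deny"  # implicit deny that ends every IOS access list

def missing_vpn_permits(acl_text, peer, local):
    """Required (protocol, port) pairs the ACL fails to permit from peer to local."""
    entries = [parse(l) for l in acl_text.splitlines() if l.startswith("access-list")]
    return [r for r in REQUIRED if first_match(entries, r[0], peer, local, r[1]) != "permit"]

# Constructed sample: an early deny shadows the esp permit; the non500-isakmp entry is absent
BROKEN_ACL = """\
access-list 105 permit ahp host 123.3.4.5 host 192.168.0.1
access-list 105 deny esp any host 192.168.0.1
access-list 105 permit esp host 123.3.4.5 host 192.168.0.1
access-list 105 permit udp host 123.3.4.5 host 192.168.0.1 eq isakmp
"""

print(missing_vpn_permits(BROKEN_ACL, "123.3.4.5", "192.168.0.1"))
```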
How Do I Permit Specific Traffic Through a DMZ Interface?
Follow the steps below to configure access through your firewall to a web server
on a DMZ network:
Step 1 From the left frame, select Firewall and ACL.
Step 2 Select Advanced Firewall.
Step 3 Click Launch the Selected Task.
Step 4 Click Next.
The Advanced Firewall Interface Configuration screen appears.
Step 5 In the Interface table, select which interfaces connect to networks inside your
firewall and which interfaces connect to networks outside the firewall.
Step 6 From the DMZ Interface field, select the interface that connects to your DMZ
network.
Step 7 Click Next>.
Step 8 In the IP Address field, enter the IP address or range of IP addresses of your web
server(s).
Step 9 From the Service field, select TCP.
Step 10 In the Port field, enter 80 or www.
Step 11 Click Next>.
Step 12 Click Finish.