AAA PIX - Page 4

 By Cisco Press | Posted Oct 10, 2001
Page 4 of 6


For review purposes, refer to Figure 4-9 while reading the following discussion of the command lines used.

Figure 4-9 PIX outbound command Example

The following line prevents access to all of the 10.200.200.0/24 network from all hosts for all protocols. The PIX uses subnet masks, not wildcard masks.

 outbound limit_acctg deny 10.200.200.0 255.255.255.0
The following line is an exception to the preceding line. Because the apply statement uses outgoing_dest, the address in the except statement is a source address, so the preceding denial of access to the 10.200.200.0 network does not apply to the host with the IP address of 10.10.1.51. Because the security level is higher on the network where this computer sits, this computer has access to the whole of the 10.200.200.0 network.
 outbound limit_acctg except 10.10.1.51
The following line allows all hosts on all networks with a higher security level to have access to the host at 10.200.200.66.
 outbound limit_acctg permit 10.200.200.66
The following line allows all hosts on all networks with a higher security level to have access to the host at 10.200.200.67.
 outbound limit_acctg permit 10.200.200.67
The following line applies the access list called limit_acctg to the accounting interface and defines how the except command is interpreted: the IP addresses within the except command refer to a source address.
 apply (accounting) limit_acctg outgoing_dest
It is important to remember that the order of the outbound statements is not a concern because the PIX uses a best-fit algorithm.
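
A simplified Python model of how the limit_acctg list above resolves a connection, added here as an illustration and not taken from the book or from PIX software. It assumes that best fit means the most specific (longest-mask) destination match, that host entries carry a 255.255.255.255 mask, and that traffic no statement matches is permitted; the source host 10.10.1.20 is a constructed sample.

```python
import ipaddress

# The page's limit_acctg list as (action, address, mask). With
# "apply (accounting) limit_acctg outgoing_dest", permit/deny addresses are
# destinations and except addresses are sources. Host entries get an explicit
# 255.255.255.255 mask here (assumption); protocol and port are omitted.
LIMIT_ACCTG = [
    ("deny",   "10.200.200.0",  "255.255.255.0"),
    ("except", "10.10.1.51",    "255.255.255.255"),
    ("permit", "10.200.200.66", "255.255.255.255"),
    ("permit", "10.200.200.67", "255.255.255.255"),
]

def _net(addr, mask):
    # The PIX takes subnet masks, which ipaddress accepts directly.
    return ipaddress.ip_network(f"{addr}/{mask}")

def evaluate(rules, src, dst, default="permit"):
    """Return 'permit' or 'deny' for a connection from src to dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    best = None  # (prefix length, action) of the best-fitting destination rule
    for action, addr, mask in rules:
        if action == "except":
            continue
        net = _net(addr, mask)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, action)
    if best is None:
        return default  # assumption: traffic no statement matches is allowed
    excepted = any(a == "except" and src in _net(addr, mask)
                   for a, addr, mask in rules)
    # As the page describes it, the except host is exempt from the deny.
    return "permit" if best[1] == "deny" and excepted else best[1]

def audit(rules, flows):
    """Map each (src, dst) flow to its verdict, for reviewing a policy."""
    return {flow: evaluate(rules, *flow) for flow in flows}

# Constructed sample flows; 10.10.1.20 is a made-up ordinary inside host.
FLOWS = [
    ("10.10.1.20", "10.200.200.5"),
    ("10.10.1.51", "10.200.200.5"),
    ("10.10.1.20", "10.200.200.66"),
    ("10.10.1.20", "10.200.200.67"),
]

if __name__ == "__main__":
    for (src, dst), verdict in audit(LIMIT_ACCTG, FLOWS).items():
        print(f"{src} -> {dst}: {verdict}")
```

Running audit over the same list in reverse order gives identical verdicts, which is the order independence the text attributes to best fit.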
