Example Crypto Access Lists

Figure: Site 1 (PIX1, e0 192.168.1.2) and Site 2 (PIX2, e0 192.168.2.2, inside host 10.0.2.3) connected across the Internet.

PIX1

pix1(config)# show static
static (inside,outside) 192.168.1.10 10.0.1.3 netmask 255.255.255.255 0 0

pix1(config)# show access-list
access-list 110 permit ip host 192.168.1.10 host 192.168.2.10

PIX2

pix2(config)# show static
static (inside,outside) 192.168.2.10 10.0.2.3 netmask 255.255.255.255 0 0

pix2(config)# show access-list
access-list 101 permit ip host 192.168.2.10 host 192.168.1.10

Lists are symmetrical

© 2000, Cisco Systems.

Use the show access-list command to display the currently configured access lists. The figure above contains an example access list for each of the peer PIX Firewalls. Each PIX Firewall in this example has a static mapping of a global IP address to an inside host. On each PIX Firewall, the source field of the access list is the global IP address of the local PIX Firewall's static, and that same address is the destination field of the peer PIX Firewall's access list. The access lists are therefore symmetrical.
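The symmetry described above can be checked mechanically. The following Python is an added example, not part of the original course material; the function names and the mistyped PIX2_BAD entry are constructed for illustration, and it handles only the host-to-host entries shown in the figure.

```python
import re

# Configuration lines exactly as shown in the figure on this page.
PIX1 = """static (inside,outside) 192.168.1.10 10.0.1.3 netmask 255.255.255.255 0 0
access-list 110 permit ip host 192.168.1.10 host 192.168.2.10
"""
PIX2 = """static (inside,outside) 192.168.2.10 10.0.2.3 netmask 255.255.255.255 0 0
access-list 101 permit ip host 192.168.2.10 host 192.168.1.10
"""
# Constructed for this example: PIX2 with a mistyped destination address.
PIX2_BAD = PIX2.replace("host 192.168.1.10", "host 192.168.1.11")

STATIC_RE = re.compile(r"^static \(\w+,\w+\) (\S+) (\S+) netmask \S+", re.M)
ACL_RE = re.compile(r"^access-list (\S+) permit ip host (\S+) host (\S+)[ \t]*$", re.M)

def parse(config):
    """Return (static global addresses, [(acl_id, source, destination), ...])."""
    global_addrs = {m.group(1) for m in STATIC_RE.finditer(config)}
    entries = [m.groups() for m in ACL_RE.finditer(config)]
    return global_addrs, entries

def check_peers(local_cfg, peer_cfg):
    """Report every local entry that breaks the symmetry with the peer."""
    local_globals, local_acl = parse(local_cfg)
    peer_globals, peer_acl = parse(peer_cfg)
    peer_pairs = {(src, dst) for _, src, dst in peer_acl}
    problems = []
    for acl_id, src, dst in local_acl:
        if src not in local_globals:
            problems.append(f"access-list {acl_id}: source {src} is not a local static global address")
        if dst not in peer_globals:
            problems.append(f"access-list {acl_id}: destination {dst} is not a peer static global address")
        if (dst, src) not in peer_pairs:
            problems.append(f"access-list {acl_id}: peer has no mirror entry {dst} -> {src}")
    return problems

if __name__ == "__main__":
    for name, local, peer in [("PIX1 vs PIX2", PIX1, PIX2),
                              ("PIX2 (mistyped) vs PIX1", PIX2_BAD, PIX1)]:
        print(name, check_peers(local, peer) or "symmetrical")
```

Run the check in both directions, since an entry present on only one peer is reported only from that peer's side.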
