How to permit traffic to servers behind a Cisco ASA device.
- Web Server 192.168.100.80
- Email Server 192.168.100.25
- DNS Server 192.168.100.53
access-list ServerAccess permit tcp any host 192.168.100.25 eq 25 access-list ServerAccess permit udp any host 192.168.100.53 eq 53 access-list ServerAccess permit tcp any host 192.168.100.80 eq 80 ! access-group ServerAccess in interface outside !
In the above statement we created an access list group called ServerAccess and assigned the ACL group to the outside interface of the CISCO ASA For the incoming traffic with access-group ServerAccess in interface outside The in tells the ASA to allow traffic on the outside interface. Of course, there is an implicit deny any any statement
at the end of the access-list, so all other traffic other than what is designated by the ACL will be blocked.