Implementing a Packet-Filtering ACL

Now that we have that cleared up, let’s return to the issue of a device on the outside needing to initiate a connection to a server on the DMZ. To make that happen, you use an ACL that specifically permits the traffic to the server from the outside. If the server will be accessed by the general public, the ACL specifies that any device has access through the firewall to the DMZ server as long as the destination IP address and port numbers match the server’s address and services offered by the DMZ server. If the ACL is applied inbound on the outside interface, any permit entries inside the ACL allow traffic to be sourced on the lower-security interface and go to the higher-security interface such as the DMZ. ...
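The matching logic described above, as an added example that is not from the book: a small Python model of an ACL applied inbound on the outside interface, checked first-match with the implicit deny that ends every Cisco ACL. The addresses are constructed documentation values, and the names (`Ace`, `evaluate`, `overly_broad`, `OUTSIDE_IN`, `TOO_WIDE`) are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", or "ip" (any protocol)
    src: str                      # CIDR; 0.0.0.0/0 means "any"
    dst: str                      # CIDR; a /32 is a single host
    dport: Optional[int] = None   # None means any destination port

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("ip", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in acl:
        if ace.matches(proto, src, dst, dport):
            return ace.action
    return "deny"

def overly_broad(acl, published):
    """Permit entries that open more than the published (proto, host, port) set."""
    return [a for a in acl
            if a.action == "permit" and (a.proto, a.dst, a.dport) not in published]

# Constructed sample values: one public web server on the DMZ.
DMZ_WEB = "192.0.2.10/32"
PUBLISHED = {("tcp", DMZ_WEB, 80), ("tcp", DMZ_WEB, 443)}

# Any source may reach the server, but only on the services it offers.
OUTSIDE_IN = [
    Ace("permit", "tcp", "0.0.0.0/0", DMZ_WEB, 80),
    Ace("permit", "tcp", "0.0.0.0/0", DMZ_WEB, 443),
]
# Weak variant: an extra entry that exposes the whole DMZ subnet.
TOO_WIDE = OUTSIDE_IN + [Ace("permit", "ip", "0.0.0.0/0", "192.0.2.0/24")]

if __name__ == "__main__":
    for pkt in [("tcp", "198.51.100.7", "192.0.2.10", 443),
                ("tcp", "198.51.100.7", "192.0.2.10", 22),
                ("tcp", "198.51.100.7", "192.0.2.11", 443)]:
        print(pkt, "->", evaluate(OUTSIDE_IN, *pkt))
    print("flagged:", overly_broad(TOO_WIDE, PUBLISHED))
```

Running `overly_broad` against a rule set before deployment catches permit entries that reach past the server's address and service ports.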

Get Santos:CCNA Sec 210-260 OCG now with the O’Reilly learning platform.
