[c-nsp] PIX question

chloe K chloekcy2000 at yahoo.ca
Fri Jan 9 15:41:17 EST 2009


Thank you for your doc info
   
  You mean I have to put access-list before http and snmp can work
   
  access-list ANY extended permit ip any any
access-group ANY in interface dmz
   
  ls it OK?
   
  One question, Why the telnet and ssh are working?
   
  Thank you again
   
  
 
   
   
  
Brad Hedlund <brhedlun at cisco.com> wrote:
  On 1/9/09 1:05 PM, "chloe K" wrote:

> Hi all
> 
> I enable the http and snmp community in dmz 192 network
> 
> http server enable
> http 192.168.0.0 255.255.255.0 dmz
> 
> snmp-server community aaabbbb
> 
> but I can't access both (httpd and snmpwalk) in any hosts of 192.168.0.0
> network
> 
> What am I doing wrong?

What you have done is enable the PIX itself to be managed via HTTP and
allowed host on the 192.168.0.0 DMZ to manage the PIX with HTTP. You have
also tuned on SNMP management of the PIX itself.

If you want the PIX to pass HTTP and SNMP traffic to the hosts on the
192.168.0.0 network you will need to allow that traffic in an access list
applied to the appropriate interfaces.

Like this:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/nwacc
ess.html

Hope this helps.

Cheers,
Brad Hedlund
bhedlund at cisco.com
http://www.internetworkexpert.org



       
 
              
---------------------------------
    
       
Yahoo!         Canada Toolbar : Search from anywhere on         the web and bookmark your favourite sites. Download it now!          


More information about the cisco-nsp mailing list