10-8
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 10 Controlling Network Access with Access Control Lists
Access Control List Overview
For example, you want to apply an ACL to the inbound direction of the inside interface. You configure
the FWSM to perform NAT on the inside source addresses when they access outside addresses. Because
the ACL is applied to the inside interface, the source addresses are the original untranslated addresses.
Because the outside addresses are not translated, the destination address used in the ACL is the real
address (see Figure 10-1).
Figure 10-1 IP Addresses in ACLs: NAT Used for Source Addresses
See the following commands for this example:
FWSM/contexta(config)# access-list INSIDE extended permit ip 10.1.1.0 255.255.255.0 host
209.165.200.225
FWSM/contexta(config)# access-group INSIDE in interface inside
209.165.200.225
Inside
Outside
Inbound ACL
Permit from 10.1.1.0/24 to 209.165.200.225
10.1.1.0/24
PAT
209.165.201.4:port10.1.1.0/24
104634
To Next Page
Loading...
Need help?
General