When I use this config for our DMZ allowing 80 and 443, it doesn't work; instead the default deny-all rule seems to block everything, disregarding my permit statements. I think it's a software bug; can anyone confirm? In reverse (permit all by default) I can get it working with specific deny rules, but I need this to work the other way around for obvious reasons. This is how I configured it, below.
ip access-list extended dmz
permit tcp any any any www ace-priority 10
permit tcp any any any 443 ace-priority 20
exit
interface vlan 17
service-acl input dmz
Where VLAN 17 is the DMZ I want to bind this ACL to.
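As an added check, not part of the original post or of the switch vendor's code: a small model of a priority-ordered ACL with an implicit final deny, run over the two permit statements above. It assumes the ACL is stateless, is evaluated in ascending ace-priority order, and (since it is bound with `service-acl input`) sees only packets entering VLAN 17; the `Ace` class, `evaluate()` function and sample flows are constructed for this example, and source/destination addresses are left out because the post uses `any` for both.

```python
# Added example, not from the original post: a minimal model of a stateless,
# priority-ordered ingress ACL with an implicit deny at the end. Assumptions:
# ACEs are tried by ascending ace-priority, only the ingress packet is matched
# (no connection state), and address fields are omitted since both are "any".
from dataclasses import dataclass

WELL_KNOWN = {"www": 80, "https": 443}  # port names the post's syntax accepts


@dataclass(frozen=True)
class Ace:
    action: str    # "permit" or "deny"
    proto: str     # "tcp", "udp" or "ip" (ip matches any protocol)
    sport: str     # "any", a port number or a well-known name
    dport: str
    priority: int  # ace-priority value


def port_matches(spec, port):
    """'any' matches everything; otherwise compare by number (names resolved)."""
    return spec == "any" or int(WELL_KNOWN.get(spec, spec)) == port


def evaluate(acl, pkt):
    """Action of the first ACE that matches the packet, or the implicit deny."""
    for ace in sorted(acl, key=lambda a: a.priority):
        if ace.proto in ("ip", pkt["proto"]) and \
           port_matches(ace.sport, pkt["sport"]) and \
           port_matches(ace.dport, pkt["dport"]):
            return ace.action
    return "deny"  # implicit deny-all after the last ACE


# The two ACEs from the post, as this model sees them.
DMZ_ACL = [
    Ace("permit", "tcp", "any", "www", 10),
    Ace("permit", "tcp", "any", "443", 20),
]

# Constructed sample packets entering VLAN 17, i.e. sent by hosts on the DMZ.
SAMPLES = {
    "dmz host opening http to the outside":  {"proto": "tcp", "sport": 51234, "dport": 80},
    "dmz host opening https to the outside": {"proto": "tcp", "sport": 51235, "dport": 443},
    "dmz web server replying to a client":   {"proto": "tcp", "sport": 80, "dport": 51234},
    "dmz host sending a dns query":          {"proto": "udp", "sport": 51236, "dport": 53},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:40s} -> {evaluate(DMZ_ACL, pkt)}")
```

Run it to see which of the sample flows the two permits cover and which fall through to the implicit deny; the replies from the DMZ's own servers (source port 80/443) are among the latter under these assumptions.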