Assume the following setup
---------------------------
212.x.x.x6 real proxy IP
10.1.1.2 (DMZ1) mapped proxy IP for DMZ
150.222.0.0 inside network
assume your proxy is 212.x.x.6 is mapped with 10.1.1.2
your whole inside class is allowed to use proxy, however you can restrict it
by proxy authentication method
Allow your real ip that is mapped with 10.1.1.2 for any tcp protocol, you
can restrict by ports as your policy requirement.
example
static (dmz1,outside) 212.x.x.6 10.1.1.2 netmask 255.255.255.255 0 0
static (inside,dmz1) 150.222.0.0 150.222.0.0 netmask 255.255.0.0 0 0
conduit permit tcp 212.x.x.6 255.255.255.0 any
or
conduit permit tcp host 212.x.x.10 eq www any
conduit permit tcp host 212.x.x.10 eq 80 any
conduit permit tcp host 212.x.x.10 eq 21 any
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16017&t=16003
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
