Cisco Systems ISA550 User Manual

Firewall
Firewall and NAT Rule Configuration Examples
Cisco ISA500 Series Integrated Security Appliances Administration Guide
 
Allowing Inbound Traffic from Specified Range of Outside Hosts
Use Case: You want to allow incoming video conferencing to be initiated from a 
restricted range of outside IP addresses (132.177.88.2 to 132.177.88.254). In the 
example, connections for CU-SeeMe (an Internet video-conferencing client) are 
allowed only from a specified range of external IP addresses.
Solution: Perform the following tasks to complete the configuration: 
STEP 1 Go to the Networking > Address Management page to create an address object 
with the range 132.177.88.2 to 132.177.88.254 called “OutsideNetwork” and a host 
address object with the IP 192.168.75.110 called “InternalIP.”

STEP 2 Go to the Firewall > NAT > Port Forwarding page to create a port forwarding rule 
as follows.

Original Service: CU-SEEME
Translated Service: CU-SEEME
Translated IP: InternalIP
WAN: WAN1
WAN IP: WAN1_IP
Enable Port Forwarding: On
Create Firewall Rule: Off

STEP 3 Go to the Firewall > Access Control > ACL Rules page and create the ACL rule as 
described below.

From Zone: WAN
To Zone: LAN
Match Action: Permit
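Added example (not from the Cisco guide): a Python check of which sources the OutsideNetwork range admits, and of the exact prefix list needed to reproduce it on a filter that accepts only CIDR blocks. The rule's source, destination and service fields are assumed from the objects named in the steps, because the ACL table on this page does not list them.

```python
import ipaddress

# Values from the page: the OutsideNetwork range and the InternalIP host object.
RANGE_FIRST = ipaddress.IPv4Address("132.177.88.2")
RANGE_LAST = ipaddress.IPv4Address("132.177.88.254")
INTERNAL_IP = ipaddress.IPv4Address("192.168.75.110")


def in_outside_network(src):
    """True if src falls inside the inclusive OutsideNetwork range."""
    return RANGE_FIRST <= ipaddress.IPv4Address(src) <= RANGE_LAST


def exact_cidrs():
    """CIDR prefixes that cover the range exactly, for filters without range objects."""
    nets = ipaddress.summarize_address_range(RANGE_FIRST, RANGE_LAST)
    return [str(n) for n in nets]


def over_permitted_by_slash24():
    """Addresses a shortcut 132.177.88.0/24 rule would admit beyond the range."""
    net = ipaddress.ip_network("132.177.88.0/24")
    return [str(a) for a in net if not in_outside_network(a)]


def rule_matches(src, dst, service, from_zone="WAN", to_zone="LAN"):
    """Model of the STEP 3 permit rule.

    Assumption: the rule's source is OutsideNetwork, its destination is
    InternalIP and its service is CU-SEEME (the ACL table on the page
    does not list these fields).
    """
    return (
        from_zone == "WAN"
        and to_zone == "LAN"
        and service == "CU-SEEME"
        and ipaddress.IPv4Address(dst) == INTERNAL_IP
        and in_outside_network(src)
    )


if __name__ == "__main__":
    print("exact prefixes:", exact_cidrs())
    print("extra hosts under /24:", over_permitted_by_slash24())
    # Constructed sample sources at and around the range boundaries.
    for src in ("132.177.88.1", "132.177.88.2", "132.177.88.254", "132.177.88.255"):
        print(src, rule_matches(src, "192.168.75.110", "CU-SEEME"))
```

The range does not collapse to a single prefix, so replacing it with 132.177.88.0/24 when porting the rule to another filter admits three addresses the original rule excludes.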