Configuring Access Rules
Once NAT has been successfully configured as shown in the previous exercise,
internal users should be able to access external resources. Even though a specific
rule has not been manually added to permit such outbound access, it is implied
through the configured interface security levels.

In Cisco parlance, traffic is always permitted from firewall interfaces with
higher security levels to interfaces with lower security levels. For instance, in the
example network architecture, the outside interface of the firewall at address
192.168.1.2 has a security level of 0, and the inside interface of the firewall
at address 172.20.1.1 has a security level of 100. This allows inside traffic to
traverse the firewall outbound without explicitly allowing it.

However, this implied rule is reversed for traffic traversing from a lower
security-level interface to a higher security level. Such traffic passing from outside
networks to inside networks is always implicitly denied unless permitted.
Therefore, you must add an access rule to permit any inbound traffic.
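
The decision logic described above can be sketched as a small model. This is an added example, not PIX or PDM code; the `Rule` class, the `evaluate` function, the translated server address 192.168.1.10, and the behaviour that an access list bound to an interface takes over from the implicit rule (first match wins, then an implicit deny) are assumptions of the sketch rather than details from the text.

```python
# Added illustration: a simplified model of the rule evaluation, not PIX code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    src: str      # source network, CIDR notation
    dst: str      # destination network, CIDR notation
    port: int     # destination TCP port

# Security levels from the example architecture:
# outside (192.168.1.2) = 0, inside (172.20.1.1) = 100.
SECURITY_LEVEL = {"outside": 0, "inside": 100}

def evaluate(in_if, out_if, src, dst, port, acls):
    """Return (decision, reason) for a new TCP connection arriving on in_if.

    acls maps an interface name to the ordered access rules bound to it.
    Assumption: once rules are bound to an interface they decide the flow
    (first match wins, implicit deny at the end) in place of the level check.
    """
    if in_if in acls:
        for rule in acls[in_if]:
            if (ip_address(src) in ip_network(rule.src)
                    and ip_address(dst) in ip_network(rule.dst)
                    and port == rule.port):
                return rule.action, "explicit access rule"
        return "deny", "implicit deny at end of access list"
    if SECURITY_LEVEL[in_if] > SECURITY_LEVEL[out_if]:
        return "permit", "implicit rule: higher to lower security level"
    return "deny", "implicit rule: lower to higher security level"

# Constructed sample: permit inbound HTTP to a hypothetical translated
# address (192.168.1.10) of an inside web server.
INBOUND_WEB = {"outside": [Rule("permit", "0.0.0.0/0", "192.168.1.10/32", 80)]}

if __name__ == "__main__":
    # Constructed flows: (ingress, egress, source, destination, port, rules)
    flows = [
        ("inside", "outside", "172.20.1.50", "198.51.100.7", 443, {}),
        ("outside", "inside", "198.51.100.7", "192.168.1.10", 80, {}),
        ("outside", "inside", "198.51.100.7", "192.168.1.10", 80, INBOUND_WEB),
        ("outside", "inside", "198.51.100.7", "192.168.1.10", 22, INBOUND_WEB),
    ]
    for flow in flows:
        print(flow[:5], "->", evaluate(*flow))
```
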
To add access rules, click the Access Rules tab from the PDM main
window. The Access Rules tab screen appears, as shown in Figure 9.56.
Figure 9.56 The Access Rules Screen
Note the implicit rule that the PIX firewall adds automatically to permit
outbound access through the firewall. From this screen, you can configure
access rules, AAA rules, and filter rules using the Access Rules, AAA Rules, and
Filter Rules radio buttons, respectively. Access rules are used to permit and deny
specific traffic through the firewall. AAA rules are used to configure AAA on specific
connections permitted through the firewall. Finally, filter rules are used to
permit or deny specific URLs or application functionality such as Java or
ActiveX outbound. As with translation rules, you can manage all these rules
via the PDM main menu drop-down menus, via the toolbar buttons, or by
right-clicking your mouse in the rules screen.