Creating access lists, Creating access lists -21, Creating standard access rules – Avaya P580 User Manual
Page 307
Avaya P550R, P580, P880, and P882 Multiservice Switch User Guide, v5.3.1
9-21
Configuring IP Routing
Rules 1 and 2 collectively manage web traffic to and from the web
server (WS). Rule 1 says that any source address can get to the web
server’s IP address using destination port 80. Because the TCP
Established criteria is unchecked, hosts from any network can send
a TCP “call setup” message as a first step in requesting a web page.
Rule 2 says that the web server may respond to any (TCP) web
request. Although it can send a message back to any address from
any source port, only messages that are in response to a web request
will be forwarded because TCP Established is checked and the source
port criteria is specified.
Rules 3 and 4 handle traffic from the web server that is not in
response to a web request. Rule 3 gives the web server access to the
rest of the Inside networks. And Rule 4 blocks the web server from
getting to the rest of the networks (Outside).
Rule 5 gives the hosts on the Inside network access to any network.
Rule 6 blocks any other host from using resources on any of the
Inside networks.
* Note: In this simple example, pseudo-rules are used. In
practice, the pseudo-rule “allow WS to IN” would
require that you create rules that forward traffic from
the web server’s IP address to each network on the
Inside explicitly. If you had 30 inside networks, you’d
create 30 rules. This is where a subnetted network
would be powerful; because you could summarize
subnets into a few rules.
Creating Access Lists
Creating
Standard Access
Rules
To create standard access rules:
1. Select Access Lists from the Routing > IP > Configuration
group on the Web Agent window. The IP Access List dialog
box opens (Figure 6-30).
* Note: The IP Access List displays all standard and
extended access rules that have been created. If
no rules have been created, the following
statement displays: No IP Access Rules are
currently configured.
Due to its size, Figure 6-30 shows the Access List
dialog box split in two separate sections.