Server 10.15.8.244 -- C7204 Firewall ACLs (10.115.28.1) -- 10.115.28.20 Proxy -- 10.115.28.3 and 10.115.28.4 PCs.
Set up Firewall ACLs to let 10.115.28.x ping 10.15.8.x, but it should not be able to communicate in any other way with 10.15.8.x... but 10.15.8.244 should talk to 10.115.28.40
See config below...
int for 7204
interface FastEthernet0/0
 ip address 10.115.28.1 255.255.255.0
 ip access-group 102 in
 ip access-group 103 out
 ip nat outside
access-list 102 permit tcp host 10.15.12.40 host 10.115.28.20 eq www
access-list 102 permit tcp host 10.115.28.3 10.15.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.3 10.15.0.0 0.0.255.255 eq 443
access-list 102 permit tcp host 10.115.28.3 10.115.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.3 10.115.0.0 0.0.255.255 eq 443
access-list 102 permit tcp host 10.115.28.4 10.15.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.4 10.15.0.0 0.0.255.255 eq 443
access-list 102 permit tcp host 10.115.28.4 10.115.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.4 10.115.0.0 0.0.255.255 eq 443
access-list 102 permit icmp 10.0.0.0 0.255.255.255 any
access-list 102 permit tcp any 10.0.0.0 0.255.255.255 established
access-list 103 permit icmp 10.0.0.0 0.255.255.255 any
access-list 103 permit tcp 10.115.28.20 255.255.255.255 host 10.15.8.240 eq 80
access-list 103 permit tcp host 10.115.28.3 host 10.115.28.20 eq 80
access-list 103 permit tcp host 10.115.28.4 host 10.115.28.20 eq 80
access-list 103 permit tcp host 10.115.28.20 host 10.115.28.3 established
access-list 103 permit tcp host 10.115.28.20 host 10.115.28.4 established
access-list 103 permit tcp any 10.0.0.0 0.255.255.255 established
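
As an added example (not part of the original post), here is a small first-match evaluator for the two ACLs exactly as posted, to check them against the stated goal. It assumes only the ACLs on FastEthernet0/0 apply, ignores NAT and routing, and treats `established` as "ACK or RST set"; the function names are illustrative.

```python
import ipaddress

ACL_TEXT = """\
access-list 102 permit tcp host 10.15.12.40 host 10.115.28.20 eq www
access-list 102 permit tcp host 10.115.28.3 10.15.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.3 10.15.0.0 0.0.255.255 eq 443
access-list 102 permit tcp host 10.115.28.3 10.115.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.3 10.115.0.0 0.0.255.255 eq 443
access-list 102 permit tcp host 10.115.28.4 10.15.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.4 10.15.0.0 0.0.255.255 eq 443
access-list 102 permit tcp host 10.115.28.4 10.115.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.4 10.115.0.0 0.0.255.255 eq 443
access-list 102 permit icmp 10.0.0.0 0.255.255.255 any
access-list 102 permit tcp any 10.0.0.0 0.255.255.255 established
access-list 103 permit icmp 10.0.0.0 0.255.255.255 any
access-list 103 permit tcp 10.115.28.20 255.255.255.255 host 10.15.8.240 eq 80
access-list 103 permit tcp host 10.115.28.3 host 10.115.28.20 eq 80
access-list 103 permit tcp host 10.115.28.4 host 10.115.28.20 eq 80
access-list 103 permit tcp host 10.115.28.20 host 10.115.28.3 established
access-list 103 permit tcp host 10.115.28.20 host 10.115.28.4 established
access-list 103 permit tcp any 10.0.0.0 0.255.255.255 established
"""  # copied verbatim from the post; rule order is significant

def ip(s):
    return int(ipaddress.IPv4Address(s))

def take_addr(tok):
    first = tok.pop(0)  # 'any' | 'host A' | 'A WILDCARD' -> (base, wildcard)
    if first == "any":
        return 0, 0xFFFFFFFF
    return (ip(tok.pop(0)), 0) if first == "host" else (ip(first), ip(tok.pop(0)))

def parse(text):
    acls = {}
    for line in text.strip().splitlines():
        _, num, action, proto, *tok = line.split()
        src, dst = take_addr(tok), take_addr(tok)
        port = int(tok[1].replace("www", "80")) if tok[:1] == ["eq"] else None
        rule = (line, action, proto, src, dst, port, "established" in tok)
        acls.setdefault(num, []).append(rule)
    return acls

def evaluate(rules, proto, src, dst, dport=None, ack=False):
    # First match wins; wildcard bits set to 1 are ignored; no match = implicit deny.
    hit = lambda a, s: (ip(a) ^ s[0]) & ~s[1] & 0xFFFFFFFF == 0
    for line, action, rproto, rsrc, rdst, port, est in rules:
        if (rproto == proto and hit(src, rsrc) and hit(dst, rdst)
                and port in (None, dport) and (ack or not est)):
            return action, line
    return "deny", "implicit deny"
```

With the ACLs as posted, `evaluate(parse(ACL_TEXT)["102"], "tcp", "10.115.28.3", "10.15.8.244", 80)` returns the `eq www` permit, so ACL 102 lets the PCs reach 10.15.8.x with more than ping, while a new TCP connection from 10.15.8.244 to 10.115.28.40 through ACL 103 falls to the implicit deny. The ACL 103 entry with wildcard `255.255.255.255` ignores every source bit, so it matches any source address rather than only 10.115.28.20.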