M and MSM Series

Public Access Attributes and ACL question?

 
Cajuntank MS
Valued Contributor


Ok, here's my basic setup. I have an MSM765 mobility controller with an access controlled VSC using HTML authentication for guests. I am using the Internet port for this traffic, which in turn is on a DMZ off of my firewall. I have firewall and NAT turned off on the MSM controller. My LAN port is being used for another VSC (not access controlled) for my internal LAN, and I have an ACL on the controller that denies that subnet. So something like:

factory, DENY, all, 10.0.0.0/16, all

This config works great for me, with the exception that I need to provide access to my email server over 443 on my LAN. I created another ACL

 

factory, ACCEPT, all, 10.1.1.10/32, all

and placed it before the DENY statement above (I was using "all" to keep it plain before I specified tcp and 443 for protocol and port); however, while I could ping the server, I could not browse to it. The email server is using a public certificate from DigiCert, and I mention this just because of some reading that maybe I might need to import their certificate chain into the controller? Anyway, if anyone can point me in the right direction, that would help.

 

Thanks.