Router Configuration

Unanswered Question
Apr 12th, 2007

I acquired a 2611 (all configurations cleared) and need to set it up between two networks like this:


Eth0/0 (LOCAL): 10.20.30.40/255.255.0.0

Eth0/1 (REMOTE): 192.168.1.22/255.255.255.0


I need to be able to configure the router so that Eth0/0 can send to Eth0/1, but not vice-versa.


I have configured the two interfaces with the appropriate IP addresses and subnets, but I need assistance on the configuration of the reflexive access list between the two interfaces.


Can anyone help me out with the commands necessary to facilitate this configuration?


Thank you.

sundar.palaniappan Thu, 04/12/2007 - 14:26

Here's a configuration that would accomplish your requirement. :-) You may have to fine-tune it a little bit if you have any other specific requirements.



int e0/1
 description 'remote'
 ip access-group Outbound_ACL out
 ip access-group Inbound_ACL in
!
! ACL evaluates outbound traffic
ip access-list ext Outbound_ACL
 ! defines reflexive ACL named LAN_Traffic
 permit ip 10.20.0.0 0.0.255.255 any reflect LAN_Traffic
!
ip access-list ext Inbound_ACL
 ! permit --> optional, if you are running any routing protocol on e0/1 then you would need this statement to allow that traffic.
 ! the packet will be evaluated against the reflexive access list and permitted if it was originated from the trusted side (e0/0).
 evaluate LAN_Traffic


HTH


Sundar
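To show what the reflect/evaluate pair in the configuration above does to traffic crossing e0/1, here is a small Python model, added as an illustration and not part of the original post or of Cisco's implementation. The host addresses, ports, the `ReflexiveAcl` class and the 300-second idle timeout are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("10.20.0.0/16")  # permit ip 10.20.0.0 0.0.255.255 any
IDLE_TIMEOUT = 300  # seconds; assumed idle timeout for temporary entries

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class ReflexiveAcl:
    """Toy model of Outbound_ACL (reflect) and Inbound_ACL (evaluate) on e0/1."""

    def __init__(self):
        self.lan_traffic = {}  # mirrored flow -> time of last matching packet

    def outbound(self, pkt, now):
        """Outbound_ACL: permit LAN sources and reflect the flow into LAN_Traffic."""
        if ipaddress.ip_address(pkt.src) not in LAN:
            return False  # implicit deny at the end of the ACL
        # The temporary entry is the outbound flow with source and destination swapped.
        mirror = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.lan_traffic[mirror] = now
        return True

    def inbound(self, pkt, now):
        """Inbound_ACL: 'evaluate LAN_Traffic', then implicit deny."""
        last = self.lan_traffic.get(pkt)
        if last is None:
            return False  # no session was opened from the trusted side
        if now - last > IDLE_TIMEOUT:
            del self.lan_traffic[pkt]  # entry aged out (modelled as idle time only)
            return False
        self.lan_traffic[pkt] = now
        return True

def demo():
    """Constructed sample packets; returns the permit/deny decision for each step."""
    acl = ReflexiveAcl()
    out = Packet("tcp", "10.20.30.50", 40000, "192.168.1.80", 443)
    reply = Packet("tcp", "192.168.1.80", 443, "10.20.30.50", 40000)
    unsolicited = Packet("tcp", "192.168.1.80", 443, "10.20.30.50", 22)
    return [acl.inbound(reply, 0), acl.outbound(out, 1), acl.inbound(reply, 2),
            acl.inbound(unsolicited, 3), acl.inbound(reply, 400)]
```

The model ignores TCP FIN/RST handling and any optional permit line placed before `evaluate`; it only shows why return traffic passes while connections initiated from the remote side hit the implicit deny.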
