Access-list WAN interface

Unanswered Question

I have a question about an exception for traffic from the LAN. I have set an access-list as follows:

interface BVI 1
 ! public IP address via DHCP
 ip address dhcp
 ip access-group 100 in

---------------------------------

access-list 100 permit tcp any host PUB_IP eq www

If hosts now want to reach the internet from the secure LAN (connected on the Ethernet 0 interface), they cannot come back on a different port. I use NAT with an access-list permitting the secure LAN.

Can I make an exception so that all traffic from the secure LAN that comes in on the BVI is permitted on a port higher than 1024?

Thus, a client makes a connection to a website on port 80 and the server connects back on a port higher than 1024. All other traffic from outside is not permitted.

I hope somebody can help.

bwalchez Wed, 05/09/2007 - 06:22

Yes, you can achieve it by writing a separate access-list permitting the appropriate ports and subnet.
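One way to write the access list the reply describes, as an added example that is not part of the original thread. PUB_IP is the placeholder from the question; the DNS and DHCP entries and the final logged deny are assumptions about what this router also needs.

```cisco
! Added example, not from the thread. PUB_IP is the question's placeholder.
!
! Before (from the question): only inbound HTTP to the public address
! matches, so replies to sessions opened from the secure LAN hit the
! implicit deny at the end of the list.
!   access-list 100 permit tcp any host PUB_IP eq www
!
! After: the inbound ACL on BVI 1 is evaluated before NAT translates the
! packet, so return traffic is matched against PUB_IP and the translated
! high port, not against the inside LAN addresses.
!
! Inbound HTTP to the public address (unchanged from the question)
access-list 100 permit tcp any host PUB_IP eq www
! TCP replies to LAN-initiated sessions: destination port above 1023 and
! ACK or RST set, so a bare SYN from outside does not match
access-list 100 permit tcp any host PUB_IP gt 1023 established
! Assumption: LAN clients resolve names through external DNS over UDP
access-list 100 permit udp any eq domain host PUB_IP gt 1023
! Assumption: DHCP replies, because BVI 1 takes its address from DHCP
access-list 100 permit udp any eq bootps any eq bootpc
! Everything else from outside is dropped and logged
access-list 100 deny ip any any log
!
interface BVI 1
 ip address dhcp
 ip access-group 100 in
```

The `established` keyword only inspects TCP flags and keeps no session table, so it does not cover UDP and will pass any segment with ACK or RST set to a high port. Reflexive access lists or IOS firewall inspection (`ip inspect`) track the outbound session and open the return path only for it.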
