Access-list WAN interface


I have a question about an exception for traffic from the LAN. I have set an access list as follows:


ip address dhcp (public IP address via DHCP)

ip access-group 100 in


access-list 100 permit tcp any host PUB_IP eq www

If hosts on the secure LAN (connected on the Ethernet 0 interface) now want to go to the internet, the traffic cannot come back on a different port. I use NAT with an access list that permits the secure LAN.

Can I make an exception so that all traffic from the secure LAN that comes in on the BVI is permitted on a port higher than 1024?

Thus, a client makes a connection to a website on port 80 and the server connects back on a port higher than 1024. All other traffic from outside is not permitted.

I hope somebody can help.

bwalchez Wed, 05/09/2007 - 06:22

Yes, you can achieve it by writing a separate access list permitting the appropriate ports and subnet.
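
The following is an added example, not configuration posted by anyone in this thread. It shows the port-based exception asked about beside a tighter stateless form of ACL 100; `<WAN-IF>` is a placeholder for the outside interface, and the DNS and DHCP lines are assumptions about what else the router needs.

```cisco
! Added example. <WAN-IF> is a placeholder for the outside interface;
! PUB_IP is the placeholder used in the question.
!
! Port-only form of the requested exception (shown for comparison, not applied):
! it matches on destination port alone, so it also permits new connections
! opened from outside to any TCP port above 1023.
!   access-list 100 permit tcp any any gt 1023
!
! Tighter stateless form: intended full contents of ACL 100.
!
! Inbound web traffic to the public address, as in the original ACL
access-list 100 permit tcp any host PUB_IP eq www
! Return traffic: "established" matches only TCP segments with ACK or RST set,
! so a bare SYN from outside (a new inbound connection) does not match
access-list 100 permit tcp any any established
! DNS replies over UDP carry no flags; match on the server's source port (assumption)
access-list 100 permit udp any eq domain any gt 1023
! DHCP server replies, so the router can keep its lease on the outside address (assumption)
access-list 100 permit udp any eq bootps any eq bootpc
! Everything else would hit the implicit deny; written out so drops are logged
access-list 100 deny ip any any log
!
interface <WAN-IF>
 ip address dhcp
 ip access-group 100 in
```

`established` checks TCP flags only and keeps no connection state; where the IOS image supports them, reflexive access lists or `ip inspect` (CBAC) track the sessions themselves.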

