Help with an extended ACL

Unanswered Question

I'm working on creating an ACL that will drop unwanted internet traffic from hitting our firewall but still want to allow traffic in from that subnet if we initiate the traffic out.

I have come up with this ACL, will it work?

interface Multilink1

ip access-group web-access-outbound out

ip access-group web-access-inbound in

ip access-group other-web-traffic in


ip access-list extended web-access-outbound

permit ip any any reflect ipoutbound


ip access-list extended web-access-inbound

evaluate ipoutbound

ip access-list extended other-web-traffic deny X.0.0.0 established log

ip access-list extended other-web-traffic permit any

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion