ACL INBOUND with Inspection

Unanswered Question
Dec 29th, 2011
I have to apply an ACL on an interface so that inside users can access all the traffic, but outside users can only ping inside users and can only return the traffic which is generated from inside.


How can I implement this? Should I use the CBAC feature, Inspection, or a reflect access list? Also, keep in mind that there are some applications on the inside interface which are custom made and send traffic on a custom port and require replies on multiple ports.





LAN(Inside) --------10.10.10.0/24----------Router-------------------192.168.1.0/24---------LAN(Outside)

Julio Carvajal Thu, 12/29/2011 - 10:01

Hello,


Let's use CBAC


ip inspect name test icmp router-traffic

ip inspect name test tcp

ip inspect name test udp


! Inside interface of the router, connecting to the LAN
interface fastethernet 0/1

ip inspect test in


This will allow all communications from inside users to outside users. If the outside users want to initiate a connection, there has to be an ACL on the outside allowing the communication; if not, it would be impossible.

TCP, UDP and ICMP replies by outside users will be accepted by the IOS firewall.


Do rate helpful posts.


Julio
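
The outside ACL that the reply above refers to, combined with the same inspection rule, as an added example that is not part of the original thread. The ACL name OUTSIDE-IN and the outside interface FastEthernet0/0 are assumptions; the subnets, the inside interface and the rule name "test" come from the posts above.

```cisco
! Added example (not from the thread).
! Assumed names: ACL OUTSIDE-IN, outside interface FastEthernet0/0.
!
! Stateful inspection of sessions that start on the inside LAN.
! Return packets for these sessions are let through the outside ACL
! by temporary entries that CBAC creates and removes per session.
ip inspect name test icmp router-traffic
ip inspect name test tcp
ip inspect name test udp
!
! Static policy for traffic that starts on the outside LAN:
! ping (ICMP echo request) towards the inside subnet only.
! Everything else is dropped and logged.
ip access-list extended OUTSIDE-IN
 permit icmp 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255 echo
 deny   ip any any log
!
interface FastEthernet0/1
 description Inside LAN 10.10.10.0/24
 ip inspect test in
!
interface FastEthernet0/0
 description Outside LAN 192.168.1.0/24 (assumed interface)
 ip access-group OUTSIDE-IN in
!
! Check the result from exec mode:
!   show ip inspect sessions          (active inspected sessions)
!   show ip access-lists OUTSIDE-IN   (hit counters per ACL line)
```

Generic tcp and udp inspection only opens the return path for the same session, with addresses and ports mirrored. Replies from the custom application that arrive as new connections on other ports need their own permit lines above the final deny.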
