I have to apply an ACL on an interface, so that inside users can access all the traffic but outside users can only ping inside users and can only return the traffic which is generated from inside.
How can I implement this? Should I use the CBAC feature, inspection, or a reflect access list? Also keeping in mind there are some applications on the inside interface which are custom made and send traffic on a custom port and require replies on multiple ports.
! Inside interface of the router, connecting to the LAN
interface fastethernet 0/1
 ip inspect test in
This will allow all communications from inside users to outside users. If the outside users want to initiate a connection, there has got to be an ACL on the outside allowing the communication; if not, it would be impossible.
TCP, UDP and ICMP replies by outside users will be accepted by the IOS firewall.
Do rate helpful posts.
Julio Carvajal Senior Network Security and Core Specialist CCIE #42930, 2xCCNP, JNCIP-SEC
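A fuller configuration matching the question and the answer above, as an added example that is not part of the original thread. The rule name test and the inside interface come from the post; the outside interface FastEthernet0/0 and the ACL name OUTSIDE-IN are assumptions.

```cisco
! Added example: CBAC on the inside interface plus a restrictive ACL on the outside.
!
! Inspection rule "test" (name from the post). Generic TCP/UDP/ICMP inspection
! tracks sessions started from the inside and opens the return path for them.
ip inspect name test tcp
ip inspect name test udp
ip inspect name test icmp
!
! ACL for traffic arriving from the outside (name OUTSIDE-IN is an assumption).
ip access-list extended OUTSIDE-IN
 remark Outside users may only initiate pings toward inside hosts
 permit icmp any any echo
 remark Everything else is dropped unless inspection opened it as return traffic
 deny ip any any log
!
! Outside interface (FastEthernet0/0 is an assumption; the post names only the inside one)
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
!
! Inside interface, as in the post: inspect traffic entering from the LAN
interface FastEthernet0/1
 ip inspect test in
```

Generic inspection only admits return packets that belong to the session an inside host opened, so replies that the custom applications expect on other ports need their own explicit permit entries in OUTSIDE-IN. `show ip inspect sessions` and `show ip access-lists OUTSIDE-IN` show the tracked sessions and the hit counts on each entry.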
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...