ACL INBOUND with Inspection

I have to apply an ACL on an interface so that inside users can access all the traffic, but outside users can only ping inside users and can only return the traffic that is generated from inside.

How can I implement this? Should I use the CBAC feature, Inspection, or a reflexive access list? Also keep in mind there are some applications on the inside interface which are custom made, send traffic on custom ports, and require replies on multiple ports.

LAN(Inside) --------10.10.10.0/24----------Router-------------------192.168.1.0/24---------LAN(Outside)

1 REPLY

Hello,

Let's use CBAC.

ip inspect name test icmp router-traffic
ip inspect name test tcp
ip inspect name test udp
!
interface FastEthernet0/1
 ! inside interface of the router connecting to the LAN
 ip inspect test in

This will allow all communications from inside users to outside users. If the outside users want to initiate a connection, there has to be an ACL on the outside allowing the communication; if not, it would be impossible.

TCP, UDP and ICMP replies by outside users will be accepted by the IOS firewall.

Do rate helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
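The following is an added example of the complete CBAC setup for the topology in the question, written for this edit and not taken from the original post or from Julio's reply. It assumes FastEthernet0/1 is the inside interface (as in the reply), FastEthernet0/0 is the outside interface, the router holds .1 on both subnets, and the ACL name OUTSIDE-IN; all of these are assumptions to adjust to the real router. It combines the inspection rule from the reply with the outside-interface ACL the reply says must exist, so that outside hosts can only initiate pings while inside-initiated TCP, UDP and ICMP sessions get their replies back.

```cisco
! Added example (not from the original post or the reply).
! Assumptions: Fa0/1 = inside (as in the reply), Fa0/0 = outside,
! router addresses .1 on each subnet, ACL name OUTSIDE-IN.
!
! 1. Inspection rule: track sessions opened by inside hosts so the
!    matching return traffic is allowed back in through the outside ACL.
ip inspect name test icmp router-traffic
ip inspect name test tcp
ip inspect name test udp
!
! 2. Static policy on the outside interface: the only traffic outside
!    hosts may initiate toward the inside is ICMP echo (ping).
!    CBAC inserts its temporary return-traffic entries ahead of these
!    lines, so the final deny does not break inside-initiated sessions.
ip access-list extended OUTSIDE-IN
 remark outside users may only ping inside users
 permit icmp 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255 echo
 remark anything else initiated from outside is dropped and logged
 deny   ip any any log
!
interface FastEthernet0/1
 description INSIDE 10.10.10.0/24 (assumed addressing)
 ip address 10.10.10.1 255.255.255.0
 ip inspect test in
!
interface FastEthernet0/0
 description OUTSIDE 192.168.1.0/24 (assumed addressing)
 ip address 192.168.1.1 255.255.255.0
 ip access-group OUTSIDE-IN in
!
! 3. Verification after an inside host opens a connection:
!    show ip inspect interfaces      - confirms "test" is applied inbound on Fa0/1
!    show ip inspect sessions detail - shows the tracked session and the
!                                      temporary ACL entry created for its reply
!    show ip access-lists OUTSIDE-IN - hit counts on the echo permit and final deny
```

Two points a practitioner should check before relying on this. First, the generic tcp and udp inspection rules open the return path only for the exact session they saw (same source and destination addresses and ports), so a custom application that expects replies on ports other than the one it sent from gets no dynamic opening from them; those reply ports need either a protocol-specific inspect rule, if IOS has one for that protocol, or explicit permit lines in OUTSIDE-IN restricted to the specific hosts and ports. Second, the `log` keyword on the final deny makes every blocked outside-initiated attempt visible in syslog, which is the quickest way to see whether legitimate application traffic is being dropped by the policy rather than by the application itself.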