To be able to connect to one of my servers in my LAN from the WAN interface, I created static NAT translations. After setting up these translations, I created my firewall configuration. Everything works fine. However, I want to limit the access from the WAN to the local server to a few specified hosts. If I'm right, this should be possible using ACLs. The firewall configuration in SDM indicates for the static NAT translations 'Permit Firewall'. If I select 'Permit ACL' there, I cannot reach the particular server from outside anymore. I checked the ACLs in SDM and found out that there is only one 'Firewall ACL', which consists of 'invalid IP addresses'. This ACL is automatically created by SDM. How can I specify in my router (using SDM) to allow only a few specified hosts to connect to the server?
Thanks for your reply! Your explanation is totally clear to me. Thanks for that. Could you also tell me how to do this using SDM v2.5? I already explained some details about this in my first post. If you want to know something more, please let me know!
To be more complete, you'll have to know the following: in SDM only the following three options can be chosen for a firewall rule: 1) "Permit Firewall", 2) "Permit ACL", 3) "Drop". If I want to limit the access from the outside zone to the inside zone to specified hosts, I expect to need to use the "Permit ACL" option. I checked in the "ACL Editor" option in the "Additional tasks" section (where I can edit ACLs), but there's only one ACL defined (by SDM itself) for the firewall. I would expect to create a new one here, but in the firewall section I cannot choose a particular ACL to be used when "Permit ACL" is chosen.