Re: Router Configuration

stemaxsin · ‎04-12-2007

I acquired a 2611 (all configurations cleared) and need to set it up between two networks like this:

Eth0/0 (LOCAL): 10.20.30.40/255.255.0.0

Eth0/1 (REMOTE): 192.168.1.22/255.255.255.0

I need to be able to configure the router so that Eth0/0 can send to Eth0/1, but not vice-versa.

I have configured the two interfaces with the appropriate IP addresses and subnets, but I need assistance on the configuration of the reflexive access list between the two interfaces.

Can anyone help me out with the commands necessary to facilitate this configuration?

Thank you.

MUHAMMAD SHAHEEN · ‎04-12-2007

Hi,

This link will help

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt3/screflex.htm

Hope this helps

Shaheen

sundar.palaniappan · ‎04-12-2007

Here's a configuration that would accomplish your requirement. :-) You may have to fine tune it a little bit if you have any other specific requirements

int e0/1

description 'remote'

ip access-group Outbound_ACL out

ip access-group Inbound_ACL in

ip access-list ext Outbound_ACL --> ACL evaluates outbound traffic

permit ip 10.20.0.0 0.0.255.255 any reflect LAN_Traffic --> defines reflexive ACL named LAN_Traffic

ip access-list ext Inbound_ACL

permit --> optional, if you are running any routing protocol on e0/1 then you would need this statement to allow that traffic.

evaluate LAN_Traffic --> the packet will be evaluated against the reflexive access list and permitted if it was originated from the trusted side (e0/0).

HTH

Sundar