Is there any reason a reflexive ACL will not work on a switch port? I see that most examples pertain to routers. We have a 4510 with a Sup 6. I have not tried it yet, but here is the config I came up with:
ip access-list extended internal_acl
 ! each permit creates a mirrored temporary entry in the named reflexive list
 ! (entries age out after 'ip reflexive-list timeout', default 300 seconds)
 permit tcp any any reflect tcptraff
 permit udp any any reflect udptraff
 permit icmp any any reflect icmptraff
 ! implicit deny ip any any: any other protocol is dropped here
!
ip access-list extended external_acl
 ! evaluate lines must precede the deny so return traffic is matched first
 evaluate tcptraff
 evaluate udptraff
 evaluate icmptraff
 deny ip any any
!
interface GigabitEthernet1/48
 ! 'out' builds the reflexive entries, 'in' checks return traffic against them
 ip access-group internal_acl out
 ip access-group external_acl in
Does this look like it will work? Being that the 4510 can't do NAT, I need to "hide" what is connected to this particular switch interface. Suggestions?
Poirot
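To make the semantics of the posted configuration concrete, here is a small Python model of what `reflect` and `evaluate` do. It is an added example, not part of the original post and not Cisco code: the `reflect` side stores the mirror image (addresses and ports swapped) of each permitted packet as a temporary entry, and the `evaluate` side only passes packets that match a live entry, so the side whose traffic crosses the `reflect` ACL is the side that can open sessions. In the posted config that is traffic leaving g1/48 (`internal_acl out`), which is the textbook placement when g1/48 is the outward-facing link. The hosts, ports and the 300 second idle timeout below are constructed values, and ICMP matching is simplified to source and destination only.

```python
"""Reflexive ACL semantics modelled in Python (added example, not from the
original post). A 'permit ... reflect NAME' entry records the mirrored
5-tuple of the originating packet; 'evaluate NAME' passes only packets that
match a live mirrored entry. All addresses, ports and the 300 s idle timeout
are constructed/assumed values."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0              # 0 for icmp
    dport: int = 0
    fin_or_rst: bool = False    # TCP teardown flags


class ReflexiveList:
    """Dynamic entries created by one 'reflect NAME' keyword."""

    def __init__(self, name, timeout=300):
        self.name = name
        self.timeout = timeout
        self.entries = {}       # mirrored 5-tuple -> expiry timestamp

    @staticmethod
    def key(pkt):
        return (pkt.proto, pkt.src, pkt.dst, pkt.sport, pkt.dport)

    def reflect(self, pkt, now):
        # Return traffic has addresses and ports swapped, so store that tuple.
        mirrored = Packet(pkt.proto, pkt.dst, pkt.src, pkt.dport, pkt.sport)
        self.entries[self.key(mirrored)] = now + self.timeout

    def evaluate(self, pkt, now):
        k = self.key(pkt)
        expiry = self.entries.get(k)
        if expiry is None or expiry < now:
            self.entries.pop(k, None)       # expired entries are purged
            return False
        if pkt.proto == "tcp" and pkt.fin_or_rst:
            del self.entries[k]             # TCP entry removed after FIN/RST
        else:
            self.entries[k] = now + self.timeout  # traffic refreshes the idle timer
        return True


class ReflexiveFilter:
    """internal_acl (reflect) in one direction, external_acl (evaluate, then
    'deny ip any any') in the other, mirroring the posted configuration."""

    def __init__(self, timeout=300):
        self.lists = {p: ReflexiveList(p + "traff", timeout)
                      for p in ("tcp", "udp", "icmp")}

    def internal_acl(self, pkt, now):
        lst = self.lists.get(pkt.proto)
        if lst is None:
            return False                    # implicit deny for unlisted protocols
        lst.reflect(pkt, now)
        return True

    def external_acl(self, pkt, now):
        lst = self.lists.get(pkt.proto)
        return lst is not None and lst.evaluate(pkt, now)


def run_scenario():
    """Walk constructed packets through the filter and return the verdicts."""
    f = ReflexiveFilter(timeout=300)
    inside, outside, t = "10.0.0.5", "198.51.100.20", 1000.0
    out = Packet("tcp", inside, outside, 40000, 443)
    reply = Packet("tcp", outside, inside, 443, 40000)
    probe = Packet("tcp", outside, inside, 55555, 22)
    ping = Packet("icmp", inside, outside)
    pong = Packet("icmp", outside, inside)
    return {
        "session_out": f.internal_acl(out, t),
        "reply_in": f.external_acl(reply, t + 1),
        "unsolicited_in": f.external_acl(probe, t + 1),
        "ping_out": f.internal_acl(ping, t),
        "pong_in": f.external_acl(pong, t + 1),
        "reply_after_idle_timeout": f.external_acl(reply, t + 1 + 301),
        "other_proto_out": f.internal_acl(Packet("gre", inside, outside), t),
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:26s} {'permit' if verdict else 'deny'}")
```

The `unsolicited_in` and `reply_after_idle_timeout` cases are the ones worth watching: a probe toward the hidden side never matches an entry, and a reply that arrives after the idle timeout is dropped even though the session was legitimately opened, which is why long-lived idle sessions need the timeout raised or the application kept alive.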