ACL configuration on 3750

Hi. I have the following situation: a device "Comp A" is connected to the router and is in VLAN 40. I restricted access with the following ACLs:

Comp A <-------VLAN40----->Router<---Some Network---->

Comp A: 10.195.192.2

Router (Vlan40): 10.195.192.1

ip access-list extended munbank-in
 permit tcp host 10.195.192.2 eq 580 host 10.195.35.1
 permit tcp host 10.195.192.2 eq 580 host 10.195.1.2
 permit icmp host 10.195.192.2 host 10.195.9.25
 permit icmp host 10.195.192.2 host 10.195.1.2
 deny ip any any

ip access-list extended munbank-out
 permit tcp host 10.195.35.1 host 10.195.192.2 eq 580
 permit tcp host 10.195.1.2 host 10.195.192.2 eq 580
 permit icmp host 10.195.9.25 host 10.195.192.2
 permit icmp host 10.195.1.2 host 10.195.192.2
 deny ip any any

interface Vlan40
 ip address 10.195.192.1 255.255.255.252
 ip access-group munbank-in in
 ip access-group munbank-out out

Now I need to configure almost the same access conditions, but with one requirement: hosts 10.195.35.1, 10.195.1.2 and 10.195.9.25 must have access to "Comp A", but "Comp A" must not have any access to them. So I need to configure some kind of one-way communication. How do I solve it?

PS: Thanks a lot for this forum!


Re: ACL configuration on 3750

Hosts 10.195.35.1, 10.195.1.2 and 10.195.9.25 are able to initiate a connection, and Comp A is able to reply to the request; but Comp A will not be able to initiate a connection to those three hosts.

Assuming this is the case, then I guess the feature you are after is CBAC, the firewall feature set for IOS.

With CBAC, you can configure the router to accept only return traffic but not to initiate any connection.
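Added example, not from this thread or from Cisco: one way to express the one-way rule the reply describes with CBAC, using the addresses and ACL names from the question. It assumes the inspect-rule name MUNBANK and an IOS Firewall image that supports tcp and icmp inspection; Catalyst 3750 switch images do not include CBAC, so in practice this configuration belongs on a router in the path.

```cisco
! Stateful inspection rule: every TCP and ICMP session that passes
! through the inspected direction gets a temporary return entry.
ip inspect name MUNBANK tcp
ip inspect name MUNBANK icmp
!
! Traffic leaving Vlan40 toward Comp A: only the three hosts may start
! sessions (same entries as the original munbank-out).
ip access-list extended munbank-out
 permit tcp host 10.195.35.1 host 10.195.192.2 eq 580
 permit tcp host 10.195.1.2 host 10.195.192.2 eq 580
 permit icmp host 10.195.9.25 host 10.195.192.2
 permit icmp host 10.195.1.2 host 10.195.192.2
 deny ip any any
!
! Traffic entering from Comp A: nothing is permitted statically, so
! Comp A cannot initiate anything. Replies to inspected sessions match
! the dynamic entries CBAC evaluates ahead of this ACL.
ip access-list extended munbank-in
 deny ip any any
!
interface Vlan40
 ip address 10.195.192.1 255.255.255.252
 ip access-group munbank-out out
 ip access-group munbank-in in
 ip inspect MUNBANK out
```

To confirm the behaviour, open a connection from one of the three hosts and check `show ip inspect sessions`; the session should be listed while it is open, and a connection attempt from Comp A should be dropped by munbank-in.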
