Cisco Support Community

New Member

Access-list WAN interface

I have a question about an exception for traffic from the LAN. I have set an access-list as follows:

interface BVI 1

ip address dhcp   ! public IP address via DHCP

ip access-group 100 in

---------------------------------

access-list 100 permit tcp any host PUB_IP eq www

If hosts now want to reach the internet from the secure LAN (connected on the Ethernet 0 interface), they cannot come back on a different port. I use NAT with an access-list that permits the secure LAN.

Can I make an exception so that all traffic from the secure LAN that comes in on the BVI is permitted on a port higher than 1024?

Thus, a client makes a connection to a website on port 80 and the server connects back on a port higher than 1024. All other traffic from outside is not permitted.

I hope somebody can help.

1 REPLY
New Member

Re: Access-list WAN interface

Yes, you can achieve it by writing a separate access-list permitting the appropriate ports and subnet.
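
The exception asked about in this thread, written as IOS configuration (an added example, not part of the original posts). The ACL names WAN-IN, WAN-OUT and LAN-RETURN are hypothetical, and PUB_IP is the placeholder from the question. It contrasts a plain high-port permit with two ways of admitting only return traffic.

```cisco
! Added example. ACL names WAN-IN, WAN-OUT and LAN-RETURN are hypothetical;
! PUB_IP is the placeholder used in the question.
!
! Too broad: also admits NEW connections from any outside host to high ports.
!   access-list 100 permit tcp any any gt 1024
!
! Option 1: admit only TCP segments with ACK or RST set (replies to sessions
! opened from inside). Not stateful, and no help for UDP replies such as DNS.
!   access-list 100 permit tcp any any gt 1023 established
!
! Option 2: reflexive ACL. A temporary return entry is created for each
! session that leaves through BVI1 and is removed when the session ends.
ip access-list extended WAN-OUT
 permit tcp any any reflect LAN-RETURN
 permit udp any any reflect LAN-RETURN
 permit icmp any any reflect LAN-RETURN
!
ip access-list extended WAN-IN
 ! the published web server from the original access-list 100
 permit tcp any host PUB_IP eq www
 ! DHCP replies for the router's own "ip address dhcp" lease
 permit udp any eq bootps any eq bootpc
 ! return traffic for sessions recorded by WAN-OUT
 evaluate LAN-RETURN
 deny ip any any log
!
interface BVI1
 ip access-group WAN-IN in
 ip access-group WAN-OUT out
```

Traffic that the router itself originates is not processed by the outbound ACL and so gets no reflexive entry, which is why the DHCP reply is permitted explicitly.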
