I have a question about an exception for traffic from the LAN. I have set an access-list as follows:
interface BVI 1
 ip address dhcp
 ! (public IP address via DHCP)
 ip access-group 100 in
---------------------------------
access-list 100 permit tcp any host PUB_IP eq www
If hosts now want to go to the internet from the secure LAN (connected on the Ethernet 0 interface), they cannot come back on a different port. I use NAT with an access-list that permits the secure LAN.
Can I make an exception so that all traffic from the secure LAN that comes in on the BVI is permitted on a port higher than 1024?
Thus, a client makes a connection to a website on port 80 and the server connects back on a port higher than 1024. All other traffic from outside is not permitted.
I hope somebody can help.
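
The following is an added example, not part of the original post and not the poster's configuration: it sets the rule the post asks for (open every port above 1024) beside a tighter inbound ACL that admits only return traffic. PUB_IP is the placeholder from the post; the DHCP and DNS lines are assumptions about what this router needs.

```cisco
! Constructed example for the BVI 1 / access-list 100 setup in the post.
!
! What the post asks for (weak): any outside host could open a TCP
! connection to any high port that is reachable behind the router.
!   access-list 100 permit tcp any host PUB_IP gt 1024
!
! Tighter alternative: keep the published web server rule ...
access-list 100 permit tcp any host PUB_IP eq www
! ... and admit only TCP segments with ACK or RST set, i.e. replies to
! connections that were opened from the inside. A bare SYN from outside
! does not match this line and falls through to the deny.
access-list 100 permit tcp any host PUB_IP established
! Assumption: BVI 1 gets its address by DHCP, so the server's replies
! (UDP 67 -> 68) must still reach the router.
access-list 100 permit udp any eq bootps any eq bootpc
! Assumption: LAN clients resolve names over UDP. "established" does not
! apply to UDP, so DNS replies need their own line (matched on source
! port only, which is stateless).
access-list 100 permit udp any eq domain host PUB_IP gt 1023
! Make the implicit deny explicit and log what is dropped.
access-list 100 deny ip any any log
!
interface BVI 1
 ip address dhcp
 ip access-group 100 in
```

The `established` keyword only inspects TCP flags; it does not track sessions. Where the IOS image supports them, reflexive access lists or `ip inspect` (CBAC) open return paths per session instead.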