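! Cisco IOS configuration: three extended ACLs filtering traffic towards the
! DMZ (gi2/0, outbound), the LAN (gi3/0, outbound) and arriving from the
! site link (se0/0, inbound). Every extended ACL ends with an implicit
! "deny ip any any", so anything not permitted below is dropped.
!
! NOTE(review): the wildcard 0.240.255.255 is non-contiguous. In the second
! octet only the low four bits are compared, so "10.0.0.0 0.240.255.255"
! matches 10.{0,16,32,...,240}.x.x and "10.10.0.0 0.240.255.255" matches
! 10.{10,26,42,...,250}.x.x. Neither pattern matches 10.38.x.x, the range
! used by the hosts named in these ACLs. If a contiguous block was intended,
! confirm the mask (for example 0.15.255.255 or 0.255.255.255) before
! deploying. The masks are left as written here.
!
! NOTE(review): "eq domain", "eq 137" and "eq 138" are permitted for TCP only.
! DNS and NetBIOS name/datagram services normally also use UDP; confirm
! whether UDP entries are needed. "eq 1024" opens a single port only.
!
! ---------------------------------------------------------------------------
! ACL 1: traffic leaving the router towards the DMZ
! ---------------------------------------------------------------------------
configure terminal
ip access-list extended ACL_entrant_DMZ
 ! Routing / first-hop redundancy (UDP 1985 is HSRP)
 permit udp any any eq 1985
 permit ospf any any
 ! SSH administration of one DMZ host
 permit tcp 10.0.0.0 0.240.255.255 host 10.38.0.25 eq 22
 ! HTTP/HTTPS to the two published DMZ servers, from any source
 permit tcp any host 10.38.0.17 eq www
 permit tcp any host 10.38.0.17 eq 443
 permit tcp any host 10.38.0.18 eq www
 permit tcp any host 10.38.0.18 eq 443
 ! Directory-service ports (RPC 135, LDAP 389/636, GC 3268/3269, DNS,
 ! Kerberos 88, SMB 445) plus 8530/8531 (presumably WSUS, confirm)
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 135
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 389
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 636
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 3268
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 3269
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq domain
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 88
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 445
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 1024
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 8531
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 8530
interface gigabitethernet 2/0
 ip access-group ACL_entrant_DMZ out
end
write
! ---------------------------------------------------------------------------
! ACL 2: traffic leaving the router towards the LAN
! ---------------------------------------------------------------------------
configure terminal
ip access-list extended ACL_Entrante_LAN
 ! Block FTP control and data explicitly
 deny tcp any any eq 21
 deny tcp any any eq 20
 permit udp any any eq 1985
 permit ospf any any
 ! SSH administration targets
 permit tcp 10.0.0.0 0.240.255.255 host 10.38.16.200 eq 22
 permit tcp 10.0.0.0 0.240.255.255 host 10.38.16.201 eq 22
 permit tcp 10.0.0.0 0.240.255.255 host 10.38.16.202 eq 22
 permit tcp 10.0.0.0 0.240.255.255 host 10.38.16.203 eq 22
 permit tcp 10.0.0.0 0.240.255.255 host 10.38.16.204 eq 22
 permit tcp 10.0.0.0 0.240.255.255 host 10.10.10.2 eq 22
 ! NOTE(review): 11.11.11.2 is outside RFC 1918 space; confirm it is intended
 permit tcp 10.0.0.0 0.240.255.255 host 11.11.11.2 eq 22
 ! DMZ server 10.38.0.18 -> LAN host 10.38.16.13 (a second, identical
 ! "eq 6180" entry in the original list was a duplicate and is dropped)
 permit tcp host 10.38.0.18 host 10.38.16.13 eq 6180
 permit tcp host 10.38.0.18 host 10.38.16.13 eq 22
 permit tcp host 10.38.0.18 host 10.38.16.13 eq 443
 permit tcp host 10.38.0.18 host 10.38.16.13 eq 80
 permit tcp host 10.38.0.18 host 10.38.16.13 eq 10003
 permit tcp host 10.38.0.18 host 10.38.16.13 eq 6443
 ! DMZ server 10.38.0.17 -> LAN host 10.38.16.14
 permit tcp host 10.38.0.17 host 10.38.16.14 eq 8531
 permit tcp host 10.38.0.17 host 10.38.16.14 eq 8530
 ! NOTE(review): the three entries below are unrestricted in source and
 ! destination; they also make the host-specific 80/443 entries above
 ! redundant. Confirm this breadth is intended towards the LAN.
 permit icmp any any
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 135
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 389
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 636
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 3268
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 3269
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq domain
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 88
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 445
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 1024
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 137
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 138
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 139
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 3306
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 5669
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 9000
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 9200
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 9300
interface gigabitethernet 3/0
 ! The original referenced "ACL_entrant_LAN", which is never defined. An
 ! access-group that names a non-existent ACL filters nothing, so the
 ! interface would have passed all traffic. The name must match the
 ! definition above exactly (ACL names are case-sensitive).
 ip access-group ACL_Entrante_LAN out
end
write
! ---------------------------------------------------------------------------
! ACL 3: traffic arriving on the site (serial) link
! ---------------------------------------------------------------------------
configure terminal
ip access-list extended ACL_Entrante_Site
 deny tcp any any eq 21
 deny tcp any any eq 20
 permit udp any any eq 1985
 permit ospf any any
 permit tcp 10.0.0.0 0.240.255.255 host 10.38.16.200 eq 22
 permit tcp 10.0.0.0 0.240.255.255 host 10.38.16.201 eq 22
 permit tcp 10.0.0.0 0.240.255.255 host 10.38.16.202 eq 22
 permit tcp 10.0.0.0 0.240.255.255 host 10.38.16.203 eq 22
 permit tcp 10.0.0.0 0.240.255.255 host 10.38.16.204 eq 22
 permit tcp 10.0.0.0 0.240.255.255 host 10.10.10.2 eq 22
 ! NOTE(review): 11.11.11.2 is outside RFC 1918 space; confirm it is intended
 permit tcp 10.0.0.0 0.240.255.255 host 11.11.11.2 eq 22
 ! NOTE(review): unrestricted ICMP/HTTP/HTTPS from the site link; confirm
 permit icmp any any
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 135
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 389
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 636
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 3268
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 3269
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq domain
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 88
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 445
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 1024
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 137
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 138
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 139
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 3306
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 5669
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 9000
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 9200
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 9300
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 8531
 permit tcp 10.0.0.0 0.240.255.255 10.10.0.0 0.240.255.255 eq 8530
interface se0/0
 ! The original referenced the undefined "ACL_entrant_Site", which would
 ! have left this interface unfiltered. Bind the ACL defined above.
 ip access-group ACL_Entrante_Site in
end
write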