07-21-2011 09:33 AM - edited 03-03-2019 06:19 AM
Hi All...
I want to ask a question related to ACLs.
There is a VLAN Finance in my office. The requirement: VLAN Finance is allowed to access the internet and selected hosts/networks, and is not allowed to access the internal network. But the internal network can access VLAN Finance (full access). I want to configure this using Reflexive ACL, but according to the datasheet the 4500 doesn't support Reflexive ACL. Inter-VLAN routing is on the 4500.
Is there any ACL configuration to support my requirement without using Reflexive ACL?
Thanks...
07-21-2011 12:55 PM
Antony
Unfortunately this is a job for reflexive ACLs, as I suspect you know. If you need to restrict finance from accessing the LAN but allow the LAN to access finance, you really do need reflexive ACLs or a stateful firewall, either an ASA or a router running CBAC.
If the connections were only TCP you may be able to use the "established" keyword if the 4500 supports it, but that won't help with non-TCP connections.
Jon
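The TCP-only fallback Jon describes, sketched as an IOS extended ACL. This is an added example, not configuration posted in the thread. The VLAN number, subnets, host address and ACL name are constructed placeholders, and it assumes the 4500 accepts the `established` keyword, which the reply leaves open.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 50 = Finance, 10.10.50.0/24
!   internal networks = 10.0.0.0/8
!   10.10.20.10 = one of the "selected hosts" Finance may reach
ip access-list extended FINANCE-IN
 remark Replies to TCP sessions opened from the LAN (ACK or RST set)
 permit tcp 10.10.50.0 0.0.0.255 10.0.0.0 0.255.255.255 established
 remark Selected internal host that Finance may initiate to
 permit ip 10.10.50.0 0.0.0.255 host 10.10.20.10
 remark All other Finance-to-internal traffic, incl. UDP/ICMP replies
 deny ip 10.10.50.0 0.0.0.255 10.0.0.0 0.255.255.255
 remark Everything left is internet-bound
 permit ip 10.10.50.0 0.0.0.255 any
!
! Applied inbound on the Finance SVI, so it filters only traffic
! leaving the Finance VLAN toward other networks.
interface Vlan50
 ip access-group FINANCE-IN in
```

`established` matches on TCP flags in each segment rather than on tracked session state, so with this ACL a ping or UDP request from the LAN to Finance gets no reply back through the `deny` line. Full access in the LAN-to-Finance direction for all protocols still needs the reflexive ACL or stateful firewall named in the reply.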