08-19-2015 02:24 AM - edited 03-05-2019 02:05 AM
Hello,
Does the Cisco ISR 4331 support reflexive ACLs?
Is there another feature that will allow us to allow only RDP through an interface and block incoming traffic, but allow the connection of the RDP?
Thanks,
Omer Shtivi
08-19-2015 06:04 AM
Not sure about reflexive acls but from your description you may be able to do it with normal acls.
What exactly do you want to do, i.e. in terms of interfaces?
Jon
08-19-2015 06:28 AM
Hi Jon,
Thank you for your response.
We can't do it with extended ACLs because we want the routers to do stateful inspection (which normal ACLs are unable to do).
Explanation about reflexive ACLs:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfreflx.html
Omer
08-19-2015 06:46 AM
Omer
Sorry I should have been clearer.
I know what reflexive acls are, I just wasn't sure if they were supported on the ISR 4331 that's all.
I'll have a quick check.
Jon
08-19-2015 07:14 AM
Omer
I had a check of Feature Navigator and couldn't see any mention of reflexive acl support although it is not always entirely accurate in what it tells you.
I suspect if you want stateful inspection you are meant to use ZBFW on those routers.
Jon
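For readers following up on the ZBFW suggestion, here is a minimal zone-based firewall sketch for the RDP case, added as an example and not posted by anyone in the thread. The zone names, class/policy/ACL names, the interface numbering and the assumption that RDP sessions are initiated from the inside are all hypothetical.

```cisco
! Constructed example: all names and interface assignments are assumptions.
! Match only RDP (TCP 3389) initiated from the inside.
ip access-list extended RDP-OUT
 permit tcp any any eq 3389
!
class-map type inspect match-all CM-RDP
 match access-group name RDP-OUT
!
! Inspect RDP statefully; everything else from INSIDE to OUTSIDE is dropped.
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-RDP
  inspect
 class class-default
  drop
!
zone security INSIDE
zone security OUTSIDE
!
! Only an INSIDE -> OUTSIDE zone-pair exists. With no OUTSIDE -> INSIDE
! zone-pair, sessions initiated from the outside are dropped, while return
! traffic for inspected RDP sessions is permitted by the session table.
zone-pair security ZP-IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-TO-OUTSIDE
!
interface GigabitEthernet0/0/0
 zone-member security INSIDE
!
interface GigabitEthernet0/0/1
 zone-member security OUTSIDE
```

After applying a policy like this, `show policy-map type inspect zone-pair sessions` lists the active inspected sessions, which is a quick way to confirm that only RDP flows are being tracked.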