Hi,
I'm setting up an SG-300 and would like to block some traffic with ACLs. While I'm new to cisco products, I was able to easily setup an IP based ACL to restrict certain IPs from accessing specific ports, but my problem is with applying these ACLs to specific protocols. When I add them the protocols are blocked effectively, but I can't seem to allow any traffic to return on a different port. I can't seem to figure out how to apply the ACL to traffic in one direction and allow other ports to send the data back on other ports (ie with ftp). Service using those ports seem to hang. I've even put the switch into Layer 3 mode to see if that would change things, with no luck.
Below is a snippet of my ACL:
ip access-list extended "Webserver port restrictions"
permit icmp any any any any
permit tcp any 20-22 any any
exit
How can I modify this to allow incoming traffic on port 20 to be returned on other ports, but still block those other ports from incoming traffic?
Thanks,