Implementing reflexive access lists

ngthen
Level 1

Based on the way my network is configured, I am unable to connect one of my servers directly to a firewall for a DMZ. I want to allow anything coming into the server, but deny where it can go. For example...

Coming from the server

Permit traffic to Active Directory

Deny traffic to 10.0.0.0 - 10.255.255.255

Deny traffic to 172.16.0.0 - 172.31.255.255

Deny traffic to 192.168.0.0 - 192.168.255.255

Permit remaining traffic destined for the internet

Coming from my network

Permit all traffic to the server (basically to allow users to copy files to it, RDP to it, etc...)

There are some specific legacy applications on this server which I do not want to have the ability to talk to the rest of the network; however, there are Internet devices that need access to them (hence the above rules). From what I have been reading, this can be accomplished with reflexive access lists. Can a regular ACL do it instead of reflexive? If my only choice is reflexive, how would I go about implementing it?
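The policy above has one stateful part: internal users open RDP and file-copy sessions to the server, so the server must be able to answer hosts in 10/8, 172.16/12 and 192.168/16 without being allowed to start sessions to them. A plain extended ACL can approximate that with the `established` keyword (TCP only, and it merely checks the ACK/RST bits), while a reflexive ACL tracks the actual sessions. The following is an added illustration written for this thread, not configuration posted by anyone in it. Addresses, VLAN number and ACL names are assumed: the server is 192.168.50.10 with interface Vlan50 as its gateway, and the Active Directory server is 10.1.1.5. "in" on Vlan50 sees packets the server sends; "out" on Vlan50 sees packets going to the server.

```cisco
! Added example, not from the thread. Assumed addressing:
!   server     192.168.50.10 (VLAN 50, gateway = interface Vlan50)
!   AD server  10.1.1.5
!
! ---- Variant A: plain extended ACL, no reflexive feature ----------------
! "established" matches TCP segments with ACK or RST set, which covers the
! server's replies to RDP / SMB sessions opened from the inside. It is not a
! session check: UDP and ICMP replies are not covered, and any ACK-flagged
! segment the server emits toward private space is allowed.
ip access-list extended SERVER-OUTBOUND-STATELESS
 remark replies to TCP sessions opened from the internal network
 permit tcp host 192.168.50.10 10.0.0.0 0.255.255.255 established
 permit tcp host 192.168.50.10 172.16.0.0 0.15.255.255 established
 permit tcp host 192.168.50.10 192.168.0.0 0.0.255.255 established
 remark sessions the server itself may open: Active Directory only
 permit ip host 192.168.50.10 host 10.1.1.5
 remark everything else the server starts toward private address space
 deny   ip host 192.168.50.10 10.0.0.0 0.255.255.255
 deny   ip host 192.168.50.10 172.16.0.0 0.15.255.255
 deny   ip host 192.168.50.10 192.168.0.0 0.0.255.255
 remark remaining destinations are public Internet space
 permit ip host 192.168.50.10 any
 remark explicit, logged deny so blocked attempts show up in syslog;
 remark this also catches any other host on VLAN 50, adjust if shared
 deny   ip any any log
!
! Apply only inbound; with no outbound ACL, "permit all to the server" is the default.
interface Vlan50
 ip access-group SERVER-OUTBOUND-STATELESS in
!
! ---- Variant B: reflexive ACL (IOS router feature) ---------------------
! Sessions opened from the network to the server create temporary entries in
! NET-TO-SERVER-SESSIONS; "evaluate" inserts them where the server's replies
! are checked, so only real return traffic gets through.
ip access-list extended TO-SERVER
 remark the poster's "permit all to the server", tracked per session
 permit tcp  any host 192.168.50.10 reflect NET-TO-SERVER-SESSIONS timeout 300
 permit udp  any host 192.168.50.10 reflect NET-TO-SERVER-SESSIONS timeout 60
 permit icmp any host 192.168.50.10 reflect NET-TO-SERVER-SESSIONS timeout 30
 remark other IP protocols still reach the server but are not tracked
 permit ip   any host 192.168.50.10
!
ip access-list extended FROM-SERVER
 remark replies to sessions the inside opened, from the reflexive entries
 evaluate NET-TO-SERVER-SESSIONS
 remark sessions the server itself may open: Active Directory only
 permit ip host 192.168.50.10 host 10.1.1.5
 deny   ip host 192.168.50.10 10.0.0.0 0.255.255.255
 deny   ip host 192.168.50.10 172.16.0.0 0.15.255.255
 deny   ip host 192.168.50.10 192.168.0.0 0.0.255.255
 permit ip host 192.168.50.10 any
 deny   ip any any log
!
interface Vlan50
 ip access-group FROM-SERVER in
 ip access-group TO-SERVER out
```

Two checks before relying on either variant. First, an ACL on an SVI only filters routed traffic: any other host sitting in VLAN 50 reaches the server at layer 2 and is never seen by these lists, so the server should be alone in its VLAN (or a VLAN map / port ACL used instead). Second, the `reflect` and `evaluate` keywords are an IOS router feature; the Catalyst 3750 ACL documentation lists reflexive ACLs among its unsupported features, so on that platform verify against the running release's configuration guide, and expect Variant A (or moving the stateful check to a router or firewall) to be the workable option. After applying Variant A, `show ip access-lists SERVER-OUTBOUND-STATELESS` shows hit counts per entry, which confirms that server-initiated traffic toward private space is landing on the deny lines rather than the `established` lines.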

3 Replies

Mohamed Sobair
Level 7

Hi,

Is the configuration required to be at a firewall or a router?

Regards,

Mohamed

The configuration needs to be applied to an entire VLAN on a 3750 switch.

Mohamed Sobair
Level 7

.
