11-30-2010 01:57 PM - edited 03-06-2019 02:17 PM
Based on the way my network is configured, I am unable to connect one of my servers directly to a firewall for a DMZ. I am wanting to allow anything coming into the server, but deny where it can go. For example...
Coming from the server
Permit traffic to Active Directory
Deny traffic to 10.0.0.0 - 10.255.255.255
Deny traffic to 172.16.0.0 - 172.31.255.255
Deny traffic to 192.168.0.0 - 192.168.255.255
Permit remaining traffic destined for the internet
Coming from my network
Permit all traffic to the server (basically to allow users to copy files to it, RDP to it, etc...)
There are some specific legacy applications on this server which I do not want to have the ability to talk to the rest of the network; however, there are Internet devices that need access to them (hence the above rules). From what I have been reading, this can be accomplished with reflexive access lists. Can a regular ACL do it instead of reflexive? If my only choice is reflexive, how would I go about implementing it?
11-30-2010 02:07 PM
Hi,
Is the configuration required to be at a firewall or a router?
Regards,
Mohamed
11-30-2010 03:03 PM
The configuration needs to be applied to an entire VLAN on a 3750 switch.
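The following is an added illustration, not a reply from the thread and not a configuration from Cisco: a plain extended (stateless) ACL on a Catalyst 3750 SVI that encodes the policy listed in the first post. The VLAN number (200), the server subnet (10.200.0.0/24) and the Active Directory address (10.0.0.10) are constructed placeholders; substitute the real values. Because router ACLs on the 3750 are stateless, the one thing a naive "deny RFC1918" list breaks is the server's own replies to inside users (RDP, file copies), which are themselves destined to a private range; the `established` keyword lets those TCP replies through without a reflexive ACL.

```cisco
! Added example (constructed, not from the thread). Stateless extended ACL
! applied inbound on the server VLAN's SVI, so it filters traffic that the
! server (and anything else on that VLAN) sends toward the rest of the network.
! Placeholders: VLAN 200, server subnet 10.200.0.0/24, AD host 10.0.0.10.
!
ip access-list extended SERVER-VLAN-IN
 ! 1. Active Directory is permitted explicitly, ahead of the private-range denies.
 permit ip 10.200.0.0 0.0.0.255 host 10.0.0.10
 !
 ! 2. Replies to TCP sessions that inside users opened to the server
 !    (RDP, SMB file copies). "established" matches only packets with the
 !    ACK or RST bit set, so the server can answer an existing session but
 !    cannot open a new connection into the private ranges.
 permit tcp 10.200.0.0 0.0.0.255 10.0.0.0 0.255.255.255 established
 permit tcp 10.200.0.0 0.0.0.255 172.16.0.0 0.15.255.255 established
 permit tcp 10.200.0.0 0.0.0.255 192.168.0.0 0.0.255.255 established
 !
 ! 3. Everything else bound for RFC 1918 space is dropped.
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.15.255.255
 deny ip any 192.168.0.0 0.0.255.255
 !
 ! 4. Whatever remains is Internet-bound and allowed.
 permit ip any any
!
! Apply in the "in" direction on the SVI: that is traffic entering the switch
! from hosts on VLAN 200. No "out" ACL is needed, because traffic from the
! rest of the network toward the server is meant to be permitted in full.
interface Vlan200
 ip access-group SERVER-VLAN-IN in
```

Two caveats worth checking before relying on this. First, `established` only covers TCP; if inside users reach the server over UDP, the server's UDP replies will hit the deny lines and must be permitted explicitly (for example, `permit udp 10.200.0.0 0.0.0.255 eq <port> 10.0.0.0 0.255.255.255`). Second, the order matters: the AD permit and the `established` permits must sit above the denies, since the ACL is evaluated top-down and the first match wins. Verify the result with `show ip access-lists SERVER-VLAN-IN`, whose per-entry match counters will show whether replies are being counted against the `established` lines rather than the denies.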