ngthen
Beginner

Implementing reflexive access lists

Based on the way my network is configured, I am unable to connect one of my servers directly to a firewall for a DMZ.  I want to allow anything coming into the server, but deny where it can go.  For example...

Coming from the server

Permit traffic to Active Directory

Deny traffic to 10.0.0.0 - 10.255.255.255

Deny traffic to 172.16.0.0 - 172.31.255.255

Deny traffic to 192.168.0.0 - 192.168.255.255

Permit remaining traffic destined for the internet

Coming from my network

Permit all traffic to the server (basically to allow users to copy files to it, RDP to it, etc...)

There are some specific legacy applications on this server which I do not want to have the ability to talk to the rest of the network, however there are Internet devices that need access to them (hence the above rules).  From what I have been reading, this can be accomplished with reflexive access lists.  Can a regular ACL do it instead of reflexive?  If my only choice is reflexive, how would I go about implementing it?
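
As an added example (editor's illustration, not code from the thread or from Cisco), one way to express the policy above with a regular, stateless extended ACL on the server-VLAN SVI of the 3750, using the `established` keyword for return traffic instead of a reflexive ACL. The addressing (VLAN 50 = 10.1.50.0/24 for the server VLAN, 10.1.10.0/24 for the domain controllers) and the Active Directory port list are assumptions to replace with your own.

```cisco
! Added example, not from the thread. Assumed addressing, replace with your own:
!   server VLAN 50 = 10.1.50.0/24 (SVI Vlan50), domain controllers = 10.1.10.0/24
! "established" matches only TCP segments with ACK or RST set, so it lets
! replies to LAN-initiated sessions (RDP, file copies) back out while the
! server still cannot open new TCP connections into the LAN.
! It does not cover UDP or ICMP, so those need explicit permits.
ip access-list extended SERVER-VLAN-IN
 remark -- replies to TCP sessions the rest of the LAN opened to the server
 permit tcp 10.1.50.0 0.0.0.255 any established
 remark -- Active Directory (assumed port list; trim to what the server needs)
 permit udp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 53
 permit tcp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 53
 permit udp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 88
 permit tcp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 88
 permit udp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 123
 permit tcp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 135
 permit udp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 389
 permit tcp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 389
 permit tcp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 445
 permit tcp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 636
 permit tcp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 3268
 permit tcp 10.1.50.0 0.0.0.255 10.1.10.0 0.0.0.255 range 49152 65535
 remark -- the policy from the post: no new sessions from the server into private address space
 deny   ip 10.1.50.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 deny   ip 10.1.50.0 0.0.0.255 172.16.0.0 0.15.255.255 log
 deny   ip 10.1.50.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 remark -- everything else (the Internet) is allowed
 permit ip 10.1.50.0 0.0.0.255 any
!
interface Vlan50
 description server VLAN
 ip address 10.1.50.1 255.255.255.0
 ! "in" on an SVI filters packets arriving from hosts in the VLAN, i.e. leaving the server.
 ! No ACL is applied in the "out" direction, so traffic from the LAN to the server is unrestricted.
 ip access-group SERVER-VLAN-IN in
```

Because `established` is a flag check rather than session tracking, it is weaker than a reflexive ACL but is all a regular ACL can offer for this; `show ip access-lists SERVER-VLAN-IN` shows per-entry hit counters for checking that the deny lines match what you expect.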

3 REPLIES
Mohamed Sobair
Rising star

Hi,

Is the configuration required to be at a firewall or a router?

Regards,

Mohamed

The configuration needs to be applied to an entire VLAN on a 3750 switch.

Mohamed Sobair
Rising star

.