04-13-2024 03:21 AM
Good afternoon,
04-13-2024 04:28 AM
It all depends on the device where you apply it: router/switch or firewall.
Firewalls are stateful.
Routers and switches are stateless.
As per your requirement, only the source can initiate traffic to the outside (the outside cannot initiate traffic back; that will be denied).
For example, if you would like return traffic on the router, you can use the established command to allow already initiated connections, inside to outside:
More command syntax:
https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
04-13-2024 05:31 AM
Hello mohansingh2015knp,
Already mentioned... it's based on where you want to create it: router/switch (L3) or firewall.
Based on the image you provided, I understand that the requirement is to create an extended ACL. Extended ACLs should be configured closer to the source, so you will need to implement it on the source interface in the inbound direction.
Here is the sample configuration:
access-list 101 permit tcp host 10.206.213.131 10.0.0.0 0.255.255.255
access-list 101 permit tcp host 10.206.213.132 10.0.0.0 0.255.255.255
Interface Gigx/x
ip access-group 101 in
Best regards
******* If This Helps, Please Rate *******
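
Added example (not part of any reply in this thread, and not Cisco's code): a small Python model of how a router evaluates the ACL 101 posted above, together with a return-path ACL that uses the established keyword mentioned earlier. ACL 102, its number, and the packet addresses are assumptions constructed for illustration.

```python
from ipaddress import ip_address

# ACL 101 is the one posted in the thread. ACL 102 is an assumed return-path
# ACL (number and direction are illustrative) using the "established" keyword.
ACL_101 = ["access-list 101 permit tcp host 10.206.213.131 10.0.0.0 0.255.255.255",
           "access-list 101 permit tcp host 10.206.213.132 10.0.0.0 0.255.255.255"]
ACL_102 = ["access-list 102 permit tcp 10.0.0.0 0.255.255.255 host 10.206.213.131 established",
           "access-list 102 permit tcp 10.0.0.0 0.255.255.255 host 10.206.213.132 established"]

def wild_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored in the comparison."""
    a, b, w = (int(ip_address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp <src> <dst> [established]'."""
    tok = line.split()[2:]
    action, proto, rest = tok[0], tok[1], tok[2:]
    def take():  # one address spec: any | host A | A wildcard
        kind = rest.pop(0)
        if kind == "any":
            return "0.0.0.0", "255.255.255.255"
        if kind == "host":
            return rest.pop(0), "0.0.0.0"
        return kind, rest.pop(0)
    src, dst = take(), take()
    return action, proto, src, dst, "established" in rest

def evaluate(acl, pkt):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, proto, src, dst, est in map(parse_ace, acl):
        if (proto == pkt["proto"] and wild_match(pkt["src"], *src)
                and wild_match(pkt["dst"], *dst)
                # "established" only tests the ACK/RST bits of this one packet
                and (not est or pkt["flags"] & {"ACK", "RST"})):
            return action
    return "deny"

def tcp(src, dst, *flags):
    return {"proto": "tcp", "src": src, "dst": dst, "flags": set(flags)}

if __name__ == "__main__":
    # Constructed packets; 10.1.1.10 is a made-up host inside 10.0.0.0/8.
    print(evaluate(ACL_101, tcp("10.206.213.131", "10.1.1.10", "SYN")))         # permit
    print(evaluate(ACL_102, tcp("10.1.1.10", "10.206.213.131", "SYN", "ACK")))  # permit
    print(evaluate(ACL_102, tcp("10.1.1.10", "10.206.213.131", "SYN")))         # deny
```

The established match looks only at the flag bits of each packet and keeps no session table, which is the stateless behaviour the thread contrasts with a stateful firewall.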