
Static ACL on switches and routers

haithamnofal
Level 3

Hi,

I have one question related to static ACLs on switches and routers. Let me put a scenario first before I ask my question: I have a user in one VLAN who wants to access a web server in another VLAN. With firewalls I just need to allow access from the user to the web server, and the stateful behaviour will take care of the return traffic to the user. Now, since switches and routers are not stateful in behaviour, do I need to configure an explicit rule for the return traffic from the web server to the user as well?

Thanks,

Haitham

Accepted Solutions

sourabhagarwal
Level 4

Yes, you need to explicitly permit return traffic from the web server towards users on switches and routers; as you correctly mentioned, they are not stateful in behaviour.

HTH, rate if it does ...

With traditional access-lists you need to have an explicit access-list for the return traffic.

The new Cisco IOS Firewall helps you to achieve stateful inspection of the traffic.

Have a look at this link

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_implementation_design_guide09186a00800fd670.html

HTH, rate if it does

Narayan
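
The explicit return rule discussed in this thread, as an added example that is not from any of the posters. The VLAN numbers, IP addresses and ACL names are assumptions chosen for illustration.

```cisco
! Added example: stateless extended ACLs for one user reaching one web server.
! Assumed addressing (not from the thread):
!   user       10.1.10.25  in VLAN 10
!   web server 10.1.20.80  in VLAN 20, HTTP on TCP 80
!
! Forward direction: user -> web server, destination port 80.
ip access-list extended USERS-TO-WEB
 permit tcp host 10.1.10.25 host 10.1.20.80 eq www
!
! Return direction: web server -> user, SOURCE port 80.
! "established" matches only TCP segments with ACK or RST set, so the
! server cannot open a new connection (bare SYN) towards the user.
! It is a flag check, not connection tracking: the device keeps no
! state, which is why this second ACL is needed at all.
ip access-list extended WEB-TO-USERS
 permit tcp host 10.1.20.80 eq www host 10.1.10.25 established
!
! Every extended ACL ends with an implicit "deny ip any any", so any
! other traffic entering these interfaces is dropped unless it is
! permitted by additional entries.
!
! Apply each ACL inbound on the SVI where that direction enters the device.
interface Vlan10
 ip access-group USERS-TO-WEB in
!
interface Vlan20
 ip access-group WEB-TO-USERS in
```

After applying, `show ip access-lists` shows per-entry match counters on platforms that maintain them, which confirms that both directions are hitting the intended lines.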
