Commit defb2ce2 authored by Theo Maillart's avatar Theo Maillart

Working ACL

parent aa12ad71
......@@ -53,48 +53,38 @@ write memory
! filtering
!! allow icmp/http/ssh/ftp to outside
access-list 101 permit icmp 10.0.83.0 0.0.0.255 any echo
access-list 102 permit tcp any any eq 80
access-list 103 permit tcp any any eq 22
access-list 104 permit tcp any any eq 21
access-list 105 deny ip any any log
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any any eq 21
access-list 101 deny ip any any log
access-list 106 permit tcp any any established
access-list 107 permit udp any any established
access-list 108 permit icmp any any echo-reply
access-list 102 permit tcp any any established
access-list 102 permit udp any any
access-list 102 permit icmp any any echo-reply
access-list 102 deny ip any any log
int vlan 83
ip access-group 101 out
ip access-group 102 out
ip access-group 103 out
ip access-group 104 out
ip access-group 105 out
ip access-group 101 in
ip access-group 106 in
ip access-group 107 in
ip access-group 108 in
ip access-group 105 in
ip access-group 102 out
!! ACL for vlan_pers
access-list 111 permit icmp 10.0.83.0 0.0.0.255 10.0.82.0 0.0.0.255 echo
access-list 112 permit tcp any 10.0.82.3 0.0.0.255 eq 80
access-list 113 permit tcp any 10.0.82.3 0.0.0.255 eq 22
access-list 114 permit tcp any 10.0.82.3 0.0.0.255 eq 21
access-list 103 permit icmp 10.0.83.0 0.0.0.255 10.0.82.0 0.0.0.255 echo
access-list 103 permit tcp any 10.0.82.3 0.0.0.255 eq 80
access-list 103 permit tcp any 10.0.82.3 0.0.0.255 eq 22
access-list 103 permit tcp any 10.0.82.3 0.0.0.255 eq 21
access-list 103 deny ip any any log
access-list 116 permit tcp any any established
access-list 117 permit udp any any established
access-list 118 permit icmp any any echo-reply
access-list 104 permit tcp any any established
access-list 104 permit udp any any
access-list 104 permit icmp any any echo-reply
access-list 104 deny ip any any log
int vlan 82
ip access-group 111 in
ip access-group 112 in
ip access-group 113 in
ip access-group 114 in
ip access-group 105 in
ip access-group 116 out
ip access-group 117 out
ip access-group 118 out
ip access-group 105 out
ip access-group 103 out
ip access-group 104 in
! PAT
ip nat inside source static tcp 10.0.83.1 3128 10.0.82.3 80
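Review bot: `access-list 102 permit udp any any` (and the identical line in ACL 104) is not a return-traffic rule: `established` has no meaning for UDP, so with 102 applied `out` on vlan 83 every UDP datagram from any source is forwarded to the 10.0.83.0/24 hosts, even though ACL 101 lets no UDP leave that VLAN in the first place. Assuming the consolidated 101–104 lines are the new side (the +/- markers are lost on this page), either drop the UDP line or narrow it to the replies actually required, for example `access-list 102 permit udp any eq 53 any` together with a matching permit in 101 if DNS is the intent. Separately, `10.0.82.3 0.0.0.255` in ACL 103 matches all of 10.0.82.0/24 because the wildcard masks the last octet; if only the server is meant, write `host 10.0.82.3`. The configuration continues before and after this hunk, so any other ACLs or inspection rules on these interfaces are not visible here.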
......