Basic ACL Help with EOS on an SSA 150


Hello,

Due to a company policy I have to use an SSA 150 as a central routing/switching system with NAT and a basic firewall.

I have created static and dynamic NAT rules and all works fine. Now I have to secure the server VLAN with an ACL.

I'm not so familiar with ACLs, and perhaps you can help me with an example:


Config:

Internal network: 5 VLANs with 172.16.X.0/24

Public network: 195.37.81.0/24 (example)

VLAN 30 for the servers: 172.16.199.0/24


I need an ACL for VLAN 30 that contains the following:

- Rule 1: everybody from the internal network can access everything in VLAN 30

permit ip 172.16.0.0 0.0.255.255 any    (correct?)

- Rule 2: all other public IPs can access VLAN 30 (static NAT rules)

permit ip 195.37.81.0 0.0.0.255 any

- Rule 3: everyone from the outside world can access the web server on port 80 on host 172.16.99.150

??????

- Rule 4: only host 80.150.248.88 (example) can access port 3389 on host 172.16.99.150

?????


Of course I need a bunch of rules like 3 or 4, but with one example from you I could complete this.

Many thanks for your help.

info@systemhaus-genthin.de

Posted 3 years ago


French, Luke, Employee

Assuming the ACL is outbound on VLAN 30, then the first rules are correct.

To permit all hosts on port 80 to one server:
permit tcp any host 172.16.99.150 eq 80

For a specific host:
permit tcp host 80.150.248.88 host 172.16.99.150 eq 3389

Use the following article for guidance.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-ACL-to-permit-through-two...

Thanks. Meanwhile I have read something about the difference between IN and OUTBOUND access lists. I had a lapse of thought about this. Perhaps I will find a doc that describes this absolutely clearly.
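The following is an added example, not code from either post above and not Extreme's own software: a small Python model of the VLAN 30 ACL that evaluates the four rules the way a router does, first match wins and an implicit deny at the end. It assumes the Cisco-style syntax used in the thread ("permit <proto> <src> <dst> [eq <port>]", where an address term is "any", "host A.B.C.D" or "A.B.C.D <wildcard>") and the answer's assumption that the list is applied outbound on VLAN 30, so the server is always the destination. The names Match, Rule, parse_rule, evaluate, ACL_VLAN30, SAMPLE_FLOWS and wildcard_is_too_wide are mine, and the client addresses in the sample flows (172.16.10.5, 8.8.8.8, 195.37.81.20) are constructed.

```python
# Added example (not from the thread): a model of the VLAN 30 ACL, evaluated
# first-match with an implicit deny, plus a check on the wildcard-mask width.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Match:
    """An address term: 32-bit address plus wildcard (1 bits = don't care)."""
    net: int
    wild: int

    def matches(self, ip: str) -> bool:
        a = int(ipaddress.IPv4Address(ip))
        # Bits set in the wildcard are ignored on both sides of the comparison.
        return (a | self.wild) == (self.net | self.wild)


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "ip", "tcp", "udp", ...
    src: Match
    dst: Match
    dport: Optional[int]   # destination port for "eq <port>", else None


def parse_match(tokens: List[str]) -> Tuple[Match, List[str]]:
    """Consume one address term and return it with the remaining tokens."""
    t = tokens[0]
    if t == "any":
        return Match(0, 0xFFFFFFFF), tokens[1:]
    if t == "host":
        return Match(int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    net = int(ipaddress.IPv4Address(t))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return Match(net, wild), tokens[2:]


def parse_rule(line: str) -> Rule:
    tokens = line.lower().split()   # "Host" and "host" are the same keyword
    action, proto = tokens[0], tokens[1]
    src, rest = parse_match(tokens[2:])
    dst, rest = parse_match(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return Rule(action, proto, src, dst, dport)


def evaluate(acl: List[Rule], proto: str, src_ip: str, dst_ip: str,
             dport: Optional[int] = None) -> str:
    """Return the action of the first matching rule; implicit deny otherwise."""
    for rule in acl:
        if rule.proto != "ip" and rule.proto != proto:
            continue
        if not (rule.src.matches(src_ip) and rule.dst.matches(dst_ip)):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return "deny"   # the implicit deny at the end of every ACL


# The four rules from the thread. The public-network wildcard is 0.0.0.255
# (a /24); 0.255.255.255 would have matched all of 195.0.0.0/8.
ACL_VLAN30 = [parse_rule(line) for line in (
    "permit ip 172.16.0.0 0.0.255.255 any",
    "permit ip 195.37.81.0 0.0.0.255 any",
    "permit tcp any host 172.16.99.150 eq 80",
    "permit tcp host 80.150.248.88 host 172.16.99.150 eq 3389",
)]

# Constructed sample flows (outbound on VLAN 30 => destination is the server).
SAMPLE_FLOWS = [
    ("tcp", "172.16.10.5",   "172.16.99.150", 22),    # internal client, SSH
    ("tcp", "8.8.8.8",       "172.16.99.150", 80),    # any internet host, HTTP
    ("tcp", "8.8.8.8",       "172.16.99.150", 3389),  # any internet host, RDP
    ("tcp", "80.150.248.88", "172.16.99.150", 3389),  # the one allowed RDP source
    ("udp", "8.8.8.8",       "172.16.99.150", 53),    # no rule: implicit deny
]


def wildcard_is_too_wide(mask: str = "0.255.255.255") -> bool:
    """True if 195.37.81.0 with this wildcard matches an address outside the /24."""
    m, _ = parse_match(["195.37.81.0", mask])
    return m.matches("195.1.2.3")


if __name__ == "__main__":
    for proto, src, dst, port in SAMPLE_FLOWS:
        verdict = evaluate(ACL_VLAN30, proto, src, dst, port)
        print(f"{proto} {src} -> {dst}:{port}: {verdict}")
    print("0.255.255.255 matches 195.1.2.3:", wildcard_is_too_wide())
```

Two things the model makes visible. Rules 1 and 2 are "permit ip ... any", so every port on every VLAN 30 host is already open to the internal and public ranges, and the two host-specific rules only restrict sources that are not covered by them. And the direction matters: these rules are written with the server as the destination, which is what "outbound on VLAN 30" (traffic leaving the router into the VLAN) means; applied inbound on the VLAN 30 interface, the server would be the source and the address terms would have to be swapped.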