Basic ACL Help with EOS on a SSA 150
06-22-2015 10:23 AM
Hello,
Due to a company policy I have to use an SSA 150 as a central routing/switching system with NAT and a basic firewall.
I have created static and dynamic NAT rules and everything works fine. Now I have to secure the server VLAN with an ACL.
I'm not so familiar with ACLs; perhaps you can help me with an example:
Config:
Internal network: 5 VLANs with 172.16.X.0/24
Public network: 195.37.81.0/24 (example)
VLAN 30 for the servers: 172.16.199.0/24
I need an ACL for VLAN 30 that contains the following:
- Rule 1: everybody from the internal network can access everything in VLAN 30
Permit ip 172.16.0.0 0.0.255.255 any (correct?)
- Rule 2: all other public IPs can access VLAN 30 (static NAT rules)
Permit ip 195.37.81.0 0.255.255.255 any
- Rule 3: everything from the outside world can access the web server on port 80 on host 172.16.99.150
??????
- Rule 4: only host 80.150.248.88 (example) can access port 3389 on host 172.16.99.150
?????
Of course I need a bunch of rules like 3 or 4, but with one example from you I could complete this...
Many thanks for the help
2 REPLIES
06-22-2015 04:38 PM
Thanks. Meanwhile I have read something about the difference between IN and OUTBOUND access lists. I have a lapse of thought about this; perhaps I will find a doc that describes this absolutely clearly.
06-22-2015 12:27 PM
Assuming the ACL is outbound on VLAN 30, then the first rules are correct.
To permit all hosts on port 80 to one server:
permit tcp any host 172.16.99.150 eq 80
For a specific host:
permit tcp host 80.150.248.88 host 172.16.99.150 eq 3389
????
Use the following article for guidance.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-ACL-to-permit-through-two...
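The reply's "assuming the ACL is outbound" matters more than it looks. A routed ACL applied "in" on the VLAN 30 interface filters packets arriving from VLAN 30 hosts (source addresses in the server subnet), so rules whose destination is the server would never match there; applied "out", it filters what the router forwards into VLAN 30, which is where destination-based rules like the two above belong. Two further checks a practitioner would make before applying the list: the original post's wildcard 0.255.255.255 on 195.37.81.0 matches all of 195.0.0.0/8, not the company /24 (0.0.0.255), and the post gives VLAN 30 as 172.16.199.0/24 while the rules use 172.16.99.150, so one of the two needs correcting. Whether the ACL sees pre-NAT or post-NAT destination addresses is platform dependent and should be confirmed on the SSA itself. The script below is an added example, not code from the thread or from Extreme's EOS: it parses the Cisco-style ACL lines quoted above into a first-match list with an implicit deny at the end and evaluates constructed sample packets against them, so the mask and rule-order effects can be checked offline before the list touches a live interface. The public-network wildcard in the constructed list is taken as 0.0.0.255 (an assumption), and only contiguous wildcard masks are supported.

```python
"""Offline first-match ACL evaluator (added example, not the thread's or EOS code).

Parses Cisco/EOS-style "permit|deny <proto> <src> <dst> [eq <port>]" lines
and evaluates constructed packets against them with an implicit final deny.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp", "udp" or "ip"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    proto: str              # "ip" matches any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]    # None means any destination port


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Cisco/EOS wildcard: 0 bits must match, 1 bits are don't-care.
    Only contiguous wildcards (a run of 1 bits from the right) map to a prefix."""
    w = int(ipaddress.IPv4Address(wildcard))
    if (w + 1) & w:
        raise ValueError(f"non-contiguous wildcard mask {wildcard} not supported")
    prefix = 32 - w.bit_length()          # 0.0.0.255 -> /24, 0.255.255.255 -> /8
    return ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)


def _parse_addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' at tokens[i];
    return the network and the index of the next unread token."""
    t = tokens[i].lower()
    if t == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if t == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    return wildcard_to_network(tokens[i], tokens[i + 1]), i + 2


def parse_rule(line: str) -> Rule:
    tokens = line.split()
    action, proto = tokens[0].lower(), tokens[1].lower()
    src, i = _parse_addr(tokens, 2)
    dst, i = _parse_addr(tokens, i)
    dport = int(tokens[i + 1]) if i < len(tokens) and tokens[i].lower() == "eq" else None
    return Rule(action, proto, src, dst, dport)


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; no match means the implicit deny applies."""
    s, d = ipaddress.IPv4Address(pkt.src), ipaddress.IPv4Address(pkt.dst)
    for r in acl:
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if s not in r.src or d not in r.dst:
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return "deny"


# Constructed list for the OUTBOUND direction on VLAN 30 (traffic forwarded
# into the server VLAN). The public /24 uses the corrected wildcard 0.0.0.255
# (assumption); the server address 172.16.99.150 is taken from the thread.
ACL_VLAN30_OUT = [parse_rule(line) for line in [
    "permit ip 172.16.0.0 0.0.255.255 any",
    "permit ip 195.37.81.0 0.0.0.255 any",
    "permit tcp any host 172.16.99.150 eq 80",
    "permit tcp host 80.150.248.88 host 172.16.99.150 eq 3389",
]]


def check_samples() -> dict:
    """Evaluate constructed sample packets; returns name -> 'permit'/'deny'."""
    samples = {
        "internal-to-server-any": Packet("tcp", "172.16.10.5", "172.16.99.20", 22),
        "world-to-web-80": Packet("tcp", "203.0.113.7", "172.16.99.150", 80),
        "world-to-rdp-3389": Packet("tcp", "203.0.113.7", "172.16.99.150", 3389),
        "admin-to-rdp-3389": Packet("tcp", "80.150.248.88", "172.16.99.150", 3389),
        "world-to-other-host-80": Packet("tcp", "203.0.113.7", "172.16.99.151", 80),
        "world-udp-80": Packet("udp", "203.0.113.7", "172.16.99.150", 80),
    }
    return {name: evaluate(ACL_VLAN30_OUT, p) for name, p in samples.items()}


def wildcard_mistake() -> Tuple[str, str]:
    """Same stray packet (constructed) against the thread's 0.255.255.255 rule
    and the corrected 0.0.0.255 rule: the broad mask lets a 195.200.x.x host in."""
    broad = parse_rule("permit ip 195.37.81.0 0.255.255.255 any")
    narrow = parse_rule("permit ip 195.37.81.0 0.0.0.255 any")
    stray = Packet("tcp", "195.200.1.1", "172.16.99.150", 3389)
    return evaluate([broad], stray), evaluate([narrow], stray)


if __name__ == "__main__":
    for name, decision in check_samples().items():
        print(f"{name:26s} {decision}")
    print("broad vs narrow mask on stray 195.200.1.1:", wildcard_mistake())
```

The list is stateless, so it only governs packets flowing into VLAN 30; the servers' replies leave through the VLAN 30 inbound direction and are unaffected unless a separate inbound list is applied there. Rule order also matters: the two host-specific rules only ever see packets that the first two subnet rules did not already permit.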
