Ingress ACL Block traffic to Private networks and Enable establish from Private Network

marconet_22
New Contributor II

Hi Guys

I am managing and testing an EXOS x435.

Setup:

Ingress ACL to VLAN8 to block all private traffic:

source VLAN8, destination all private networks: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

Applying the rule to VLAN8 on ingress (only), everything works.

But I need to enable established traffic from private networks to VLAN8.

I tried to set TCP-flags ACK and SYN_ACK, but nothing; it doesn't work.

Any suggestions?

This is the policy:

/* entry vlan8 {
    if {
        source-address 10.5.207.192/27;
        destination-address 10.5.207.192/27;
    }
    then {
        permit;
    }
}
entry responsePrivate1 {
    if match all {
        destination-address 10.0.0.0/8;
        protocol TCP;
        TCP-flags ACK;
    }
    then {
        permit;
    }
}
entry responsePrivate2 {
    if match all {
        destination-address 10.0.0.0/8;
        protocol TCP;
        TCP-flags SYN_ACK;
    }
    then {
        permit;
    }
}
entry rete10 {
    if {
        source-address 10.5.207.192/27;
        destination-address 10.0.0.0/8;
    }
    then {
        deny;
    }
}
entry rete172 {
    if {
        source-address 10.5.207.192/24;
        destination-address 172.16.0.0/12;
    }
    then {
        deny;
    }
}
entry rete192 {
    if {
        source-address 10.5.207.192/27;
        destination-address 192.168.0.0/16;
    }
    then {
        deny;
    }
}
entry resto {
    if {
        source-address 10.5.207.192/27;
    }
    then {
        permit;
    }
} */

Marco
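An added walk-through (illustration only, not part of the post and not EXOS code) of how the posted entries behave as a stateless, first-match ACL on packets entering the switch from VLAN8. It re-encodes the seven entries in Python and runs constructed packets through them; it assumes that a TCP-flags condition matches when every listed flag is set, that rete172's /24 is kept as posted, and that a packet matching no entry falls through to a permit (labelled as an assumption in the code).

```python
"""Stateless first-match evaluation of the ACL posted above (added example, not EXOS code)."""
import ipaddress
from dataclasses import dataclass

# Re-encoding of the posted entries, in the posted order: (name, conditions, action).
# Ordered ACLs are evaluated top-down and the first matching entry decides.
ENTRIES = [
    ("vlan8",            {"src": "10.5.207.192/27", "dst": "10.5.207.192/27"},            "permit"),
    ("responsePrivate1", {"dst": "10.0.0.0/8", "proto": "tcp", "flags": {"ACK"}},         "permit"),
    ("responsePrivate2", {"dst": "10.0.0.0/8", "proto": "tcp", "flags": {"SYN", "ACK"}},  "permit"),
    ("rete10",           {"src": "10.5.207.192/27", "dst": "10.0.0.0/8"},                 "deny"),
    ("rete172",          {"src": "10.5.207.192/24", "dst": "172.16.0.0/12"},              "deny"),   # /24 as posted
    ("rete192",          {"src": "10.5.207.192/27", "dst": "192.168.0.0/16"},             "deny"),
    ("resto",            {"src": "10.5.207.192/27"},                                      "permit"),
]

PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


@dataclass(frozen=True)
class Packet:
    """A packet as seen on VLAN8 ingress, i.e. sourced by a VLAN8 host."""
    src: str
    dst: str
    proto: str = "tcp"
    flags: frozenset = frozenset()   # names of the TCP flags that are set


def _in_net(addr, cidr):
    # strict=False lets a prefix with host bits set (10.5.207.192/24) parse as 10.5.207.0/24
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def entry_matches(cond, pkt):
    """All conditions of an entry must hold ('match all' semantics)."""
    if "src" in cond and not _in_net(pkt.src, cond["src"]):
        return False
    if "dst" in cond and not _in_net(pkt.dst, cond["dst"]):
        return False
    if "proto" in cond and pkt.proto != cond["proto"]:
        return False
    # Assumption: a TCP-flags condition matches when every listed flag is set in the packet.
    if "flags" in cond and not cond["flags"] <= pkt.flags:
        return False
    return True


def evaluate(pkt, entries=ENTRIES):
    """Return (entry name, action) of the first matching entry.
    Assumption: a packet matching no entry falls through to the switch default, modelled as permit."""
    for name, cond, action in entries:
        if entry_matches(cond, pkt):
            return name, action
    return "default", "permit"


def blocked_return_paths(vlan8_host="10.5.207.200", entries=ENTRIES):
    """Private ranges from which a connection into VLAN8 can never complete, because the
    VLAN8 host's SYN-ACK reply (the leg this ingress ACL sees) is denied."""
    blocked = []
    for net in PRIVATE:
        peer = str(ipaddress.ip_network(net)[1])        # constructed peer address in that range
        reply = Packet(vlan8_host, peer, "tcp", frozenset({"SYN", "ACK"}))
        if evaluate(reply, entries)[1] == "deny":
            blocked.append(net)
    return blocked


if __name__ == "__main__":
    # Constructed sample packets, all sourced by a VLAN8 host (10.5.207.200).
    samples = [
        ("VLAN8 host opens TCP to 10/8",          Packet("10.5.207.200", "10.20.0.5", "tcp", frozenset({"SYN"}))),
        ("VLAN8 host answers TCP session from 10/8", Packet("10.5.207.200", "10.20.0.5", "tcp", frozenset({"ACK"}))),
        ("VLAN8 host's SYN-ACK to 192.168/16",    Packet("10.5.207.200", "192.168.1.10", "tcp", frozenset({"SYN", "ACK"}))),
        ("VLAN8 host's UDP reply to 10/8",        Packet("10.5.207.200", "10.20.0.53", "udp")),
        ("VLAN8 host to the Internet",            Packet("10.5.207.200", "8.8.8.8", "tcp", frozenset({"SYN"}))),
        ("VLAN8 host to VLAN8 host",              Packet("10.5.207.200", "10.5.207.201", "tcp", frozenset({"SYN"}))),
    ]
    for label, pkt in samples:
        print(f"{label:45s} -> {evaluate(pkt)}")
    print("ranges that cannot establish into VLAN8:", blocked_return_paths())
```

The run makes the structural point behind the symptom: an ingress ACL on VLAN8 only ever sees the VLAN8-sourced leg of a session, so "established from private networks" has to be expressed as permitting the VLAN8 hosts' reply packets. In the posted policy those reply entries exist only for 10.0.0.0/8, so SYN-ACKs towards 172.16.0.0/12 and 192.168.0.0/16 hit rete172 and rete192 and those connections never complete, and non-TCP replies (e.g. UDP) to any private range are denied by the same deny entries. Whether the switch treats `TCP-flags ACK` as "ACK bit set" (which would also cover SYN_ACK, making responsePrivate2 redundant) or as an exact flag combination is platform behaviour to confirm in the EXOS documentation; this model assumes the former.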
