Default non-reflexive ACL
Typical scenario: an ACL is applied on the WAN interface that permits only the necessary ports, with deny ip any any as its last entry; in that case an ACL entry of the form permit ip <internal subnet> any must also be applied on the LAN interface so that return traffic for flows initiated by internal users can pass.
Configuration example:
ip access-list extended WAN //WAN-side ACL
10 permit icmp any any
20 permit tcp any any eq telnet
30 deny ip any any //explicit last entry: everything not permitted above is dropped
ip access-list extended LAN //LAN-side ACL
10 deny tcp any any eq 135 //block TCP 135-137 from internal hosts
20 deny tcp any any eq 136
30 deny tcp any any eq 137
40 permit ip any any //all other traffic from the LAN is allowed out
interface GigabitEthernet 0/1
ip nat outside
ip access-group WAN in
interface GigabitEthernet 0/0
ip nat inside
ip access-group LAN in reflect //reflect: mirrored entries are created for flows permitted by this list
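The following is an added example, not configuration or code from the original page: a minimal first-match ACL evaluator in Python that replays the WAN and LAN lists above against constructed packets (RFC 5737 documentation addresses), showing why the reply to a LAN-initiated flow is dropped by the WAN ACL unless a mirrored (reflexive) entry exists. The Packet class, the entry tuple layout and the helper names are assumptions made for the illustration.

```python
# Added example (not from the original page): first-match ACL evaluation of the
# page's WAN and LAN lists, plus the mirrored entry a reflexive ACL would add
# so that the reply to a LAN-initiated flow passes the WAN interface.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0      # 0 when the protocol has no ports
    dport: int = 0

# Entries are (action, proto, src, dst, dport); "ip" matches any protocol,
# "any" matches any address and dport None matches any port.
WAN = [("permit", "icmp", "any", "any", None),
       ("permit", "tcp", "any", "any", 23),
       ("deny", "ip", "any", "any", None)]
LAN = [("deny", "tcp", "any", "any", 135),
       ("deny", "tcp", "any", "any", 136),
       ("deny", "tcp", "any", "any", 137),
       ("permit", "ip", "any", "any", None)]

def matches(entry, pkt):
    _, proto, src, dst, dport = entry
    return (proto in ("ip", pkt.proto)
            and src in ("any", pkt.src) and dst in ("any", pkt.dst)
            and (dport is None or dport == pkt.dport))

def evaluate(acl, pkt):
    """First matching entry decides; no match means the implicit deny."""
    for entry in acl:
        if matches(entry, pkt):
            return entry[0]
    return "deny"

def reflexive_entry(pkt):
    """Mirror an outbound packet: same protocol, addresses and ports swapped."""
    return ("permit", pkt.proto, pkt.dst, pkt.src, pkt.sport)

def lan_initiated_flow(reflect):
    """A LAN host opens TCP/80 to an outside server; return the verdict the
    WAN ACL gives the server's reply. Addresses are constructed samples."""
    out = Packet("tcp", "192.168.1.10", "203.0.113.5", sport=40001, dport=80)
    if evaluate(LAN, out) != "permit":
        return "outbound blocked"
    wan = ([reflexive_entry(out)] if reflect else []) + WAN
    back = Packet("tcp", "203.0.113.5", "192.168.1.10", sport=80, dport=40001)
    return evaluate(wan, back)
```

Without the mirrored entry the reply hits deny ip any any on the WAN list; with it, the reply is permitted while unsolicited inbound traffic on other ports is still dropped.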