How to configure a Cisco router reflexive ACL for one way access between network segments

Updated on technology 2024-03-04
7 answers
  1. Anonymous users 2024-02-06

    ACLs can limit network traffic and improve network performance.

    To protect the security of the internal network, you can allow only the internal network to access the external network and not allow the external network to access the internal network.

    This can be achieved by utilizing the Cisco router's reflexive ACL. You need to configure a routing protocol.

  2. Anonymous users 2024-02-05

    1. You can allow two network segments to access each other, and then reject and some IPs can be accessed.

    2. You can allow partial IP access, and then deny the two network segments to access each other.

    3. ACL should not be able to do one-way access; I have done experiments.

  3. Anonymous users 2024-02-04

    Generally, it can be achieved with Layer 3 devices, such as 2 routers or routers and Layer 2 switches for single-arm routing, which is not available for general home routers, and can be achieved with enterprise-level routers, using the access control list (ACL) access-list 100 deny ip, and then applying it on the router interface or sub-interface.

    For details, see Cisco Router ACL Configuration Instructions.

    ACL can be realized regardless of whether it is one-way or two-way, and it can be controlled through the port.

  4. Anonymous users 2024-02-03

    There are three ways to do this:

    1. Connect to the router, and the gateway of each network segment is the address of the router interface. Use Access Control Lists (ACLs) to control the DENY IP 1 application at the advanced ports connected to the A network segment.

    2. Connect the switch and use VLAN isolation. If A and B are on different network segments, they can communicate with each other in different VLANs.

    3. If you connect to the Hub (dumb switch), the built-in operating system firewall on the PC can block ICMP packets to achieve mutual access between the two.

  5. Anonymous users 2024-02-02

    1. First click on the computer to open the Cisco software. Prepare two PCs, one server, and three routers, and connect them.

    2. Then click on the Desktop window of the computer to configure the IP address and gateway of the PC and server.

    3. Then in the CLI window of the three routers, configure the IP address of the router.

    4. Then according to the port and line direction of the router, use the ip route command to configure the next hop of the router.

    5. Then click to enter the run window of the PC and the server, and use the ping command to check the connectivity of the PC and the server, to ensure that the connection is successful.

    6. Then go to the server to query the ACL.

    7. Enter the port connected to the router and configure the ACL. The test result is that the server cannot be connected, indicating that the ACL configuration is successful.

  6. Anonymous users 2024-02-01

    I don't know what you want, whether you want a principle or a specific configuration?

    To configure the specific configuration, you don't give the environment parameters.

  7. Anonymous users 2024-01-31

    The router's intranet can also run the routing protocol. If it is just a router with several different network segments, you do not need to run the routing protocol, because they are all directly connected network segments.

    In terms of configuration, each intranet interface should be declared as an internal interface, so that the intranet of multiple network segments can be connected to the external network through NAT.
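
Added example (not part of any answer above): a reflexive ACL configuration for the one-way access the question asks about, written for Cisco IOS. The interface name, the 192.168.1.0/24 internal segment, the ACL names and the timeout values are assumptions made for illustration.

```cisco
! Assumptions (not from the page): GigabitEthernet0/1 faces the external
! segment, 192.168.1.0/24 is the internal segment, ACL names are arbitrary.
!
! Outbound list: sessions opened by the internal segment are permitted, and
! each one creates a temporary mirrored entry in the reflexive list MIRROR.
ip access-list extended INSIDE-OUT
 permit tcp 192.168.1.0 0.0.0.255 any reflect MIRROR timeout 300
 permit udp 192.168.1.0 0.0.0.255 any reflect MIRROR timeout 30
 permit icmp 192.168.1.0 0.0.0.255 any reflect MIRROR timeout 10
!
! Inbound list: only return traffic that matches a live MIRROR entry is
! let in; anything the external segment initiates reaches the final deny.
ip access-list extended OUTSIDE-IN
 evaluate MIRROR
 deny ip any any log
!
! Reflexive ACLs require named extended IP ACLs; both lists are applied on
! the interface that faces the external segment.
interface GigabitEthernet0/1
 ip access-group INSIDE-OUT out
 ip access-group OUTSIDE-IN in
!
! Global idle timeout for reflected entries that do not set their own.
ip reflexive-list timeout 120
```

`show ip access-lists` lists the temporary MIRROR entries while a session is active. If a routing protocol runs across this interface, its packets need an explicit permit in OUTSIDE-IN ahead of the deny, because traffic the router itself originates is not reflected.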
