Wednesday, February 26, 2020

HP Networking ACL query

Hi All,

I need to configure some ACLs to restrict inter-VLAN communication. I also want to permit only accepted IP traffic out of the subnet in question.

Subnet - 192.168.35.0/24

Firewall - 192.168.10.254/24

My draft ACL is as below, which I intend to apply to the VLAN. I would be grateful if somebody could cast their eyes over it and sanity check it. The default gateway for this VLAN is 192.168.35.254, which routes to my firewall 192.168.10.254 - do I need an ACL line for that IP too?

Inbound Rule

Block all access apart from my management network 192.168.10.0/24

Outbound Rule

Block all traffic out of the network apart from to 192.168.10.5, 192.168.10.16, 192.168.10.9

IP access-list extended "PCI ACL List"

REMARK "Rules for Inbound Traffic PCI VLAN"

10 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

20 permit ip 192.168.10.0 255.255.255.0 192.168.35.0 255.255.255.0

REMARK "Outbound Traffic PCI VLAN"

40 permit ip 192.168.35.0 255.255.255.0 192.168.10.5 255.255.255.255

41 permit ip 192.168.35.0 255.255.255.0 192.168.10.16 255.255.255.255

42 permit ip 192.168.35.0 255.255.255.0 192.168.10.9 255.255.255.255

Again, do I need a permit ip to 192.168.10.254 (firewall for internet access)?

Thanks all
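Added example, not part of the original post: a small first-match evaluator that runs the draft ACL above against sample flows built from the post's addresses. ACLs are evaluated top-down, first match wins, with an implicit deny at the end, so it shows which line each flow hits. The flow names and the two mask readings are my assumptions: HP ProCurve and Comware ACEs take a wildcard (inverse) mask, while the draft's 255.255.255.x values read like subnet masks, and the evaluator lets you compare both readings.

```python
import ipaddress

def _i(ip):
    return int(ipaddress.IPv4Address(ip))

def in_range(addr, base, mask, wildcard):
    """Does addr fall inside base/mask? With wildcard=True the mask is an
    inverse (don't-care) mask, as HP ProCurve/Comware ACEs expect; with
    wildcard=False it is read as an ordinary subnet mask (the draft's intent)."""
    m = _i(mask) if wildcard else (~_i(mask)) & 0xFFFFFFFF
    return (_i(addr) | m) == (_i(base) | m)

def evaluate(acl, src, dst, wildcard):
    """Return (sequence number, action) of the first matching ACE, or
    (None, 'deny') for the implicit deny at the end of every ACL."""
    for seq, action, s_base, s_mask, d_base, d_mask in acl:
        if in_range(src, s_base, s_mask, wildcard) and in_range(dst, d_base, d_mask, wildcard):
            return seq, action
    return None, "deny"

# The draft ACL as posted (line 10's 0.0.0.0.0 read as 0.0.0.0).
DRAFT = [
    (10, "deny",   "0.0.0.0",      "255.255.255.255", "0.0.0.0",       "255.255.255.255"),
    (20, "permit", "192.168.10.0", "255.255.255.0",   "192.168.35.0",  "255.255.255.0"),
    (40, "permit", "192.168.35.0", "255.255.255.0",   "192.168.10.5",  "255.255.255.255"),
    (41, "permit", "192.168.35.0", "255.255.255.0",   "192.168.10.16", "255.255.255.255"),
    (42, "permit", "192.168.35.0", "255.255.255.0",   "192.168.10.9",  "255.255.255.255"),
]
# Same entries with the catch-all deny moved to the end, where it no longer shadows the permits.
DENY_LAST = DRAFT[1:] + DRAFT[:1]

FLOWS = {  # constructed sample flows (src, dst) using the post's networks
    "mgmt -> pci host":  ("192.168.10.1",  "192.168.35.20"),
    "pci host -> 10.5":  ("192.168.35.20", "192.168.10.5"),
    "pci host -> fw":    ("192.168.35.20", "192.168.10.254"),
    "pci host -> other": ("192.168.35.20", "192.168.20.7"),
}

def report(acl, wildcard):
    """Map each sample flow to the ACE it hits under the chosen mask reading."""
    return {name: evaluate(acl, s, d, wildcard) for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    for label, wc in (("masks read as wildcard", True), ("masks read as subnet mask", False)):
        print(label)
        for name, hit in report(DRAFT, wc).items():
            print(f"  {name:18s} -> {hit}")
```

Under the wildcard reading line 10 is "deny any any" and, placed first, it catches every flow; under the subnet-mask reading line 10 matches only 0.0.0.0 and the firewall flow falls through to the implicit deny.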
