Classic IOS Transparent Firewall
VLAN 23 users are only allowed to initiate FTP, HTTP and DNS connections to the servers on VLAN 100 and are not allowed to access VLAN 13.
The solution guide has the following as a solution for this task:
ip access-list extended OUTSIDE_IN
 permit ip any 10.0.0.0 0.0.0.255
 deny ip any any log
interface FastEthernet 0/1.23
 ip access-group OUTSIDE_IN in
 ip inspect DMZ_PROTOCOLS in
 bridge-group 1 input-type-list 201 (for ipv6 only)
All the interfaces are in the same Layer 3 network, 10.0.0.0/24. This will not block access from VLAN 23 to VLAN 13. Does anyone else agree with this? If yes, then how can we achieve the requirements?
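The point raised in the post, as an added example that is not part of the original post or the solution guide: a first-match evaluator for a small subset of IOS extended ACL syntax, run over the guide's OUTSIDE_IN list and over a narrower list. The three host addresses and the TIGHTENED list are assumptions made for illustration; the post gives only the shared 10.0.0.0/24 network.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """Parse '<action> <proto> <src> <dst> [eq <port>] [log]' (subset of IOS syntax)."""
    tok = line.split()
    specs, i = [], 2
    for _ in range(2):                      # source spec, then destination spec
        if tok[i] == "any":
            specs.append((0, 0xFFFFFFFF)); i += 1
        elif tok[i] == "host":
            specs.append((_ip(tok[i + 1]), 0)); i += 2
        else:                               # address followed by wildcard mask
            specs.append((_ip(tok[i]), _ip(tok[i + 1]))); i += 2
    port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    return tok[0], tok[1], specs[0], specs[1], port

def _match(ip, spec):
    base, wild = spec                       # wildcard bits set to 1 are "don't care"
    return ((_ip(ip) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, p, s, d, port in map(parse_ace, acl):
        if (p in ("ip", proto) and _match(src, s) and _match(dst, d)
                and port in (None, dport)):
            return action
    return "deny"

# ACL exactly as quoted in the post.
OUTSIDE_IN = ["permit ip any 10.0.0.0 0.0.0.255", "deny ip any any log"]

# Constructed addresses (assumptions): one host per VLAN, all inside 10.0.0.0/24.
USER_V23, SERVER_V100, HOST_V13 = "10.0.0.23", "10.0.0.100", "10.0.0.13"

# Hypothetical narrower list: only FTP control, HTTP and DNS to the assumed server.
TIGHTENED = ["permit tcp any host 10.0.0.100 eq 21",
             "permit tcp any host 10.0.0.100 eq 80",
             "permit udp any host 10.0.0.100 eq 53",
             "deny ip any any log"]

if __name__ == "__main__":
    probes = ((SERVER_V100, "tcp", 80), (HOST_V13, "tcp", 80), (SERVER_V100, "tcp", 22))
    for name, acl in (("OUTSIDE_IN", OUTSIDE_IN), ("TIGHTENED", TIGHTENED)):
        for dst, proto, port in probes:
            print(name, proto, dst, port, "->", evaluate(acl, proto, USER_V23, dst, port))
```

Because the destination wildcard in the guide's list covers the whole /24, the VLAN 13 host matches the permit entry just as the VLAN 100 server does; matching on the server address and ports is what separates them in the narrower list.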