Hi Mike,

Not a Cisco solution, but you might look into a pfsense/opnsense/ipfire/whatever appliance - either physical or virtual.  Even a UBNT edgerouter can do basic stateful stuff if you have one lying around. All of these are inexpensive and (probably?) do what you need done. The first few you can install into a VM to play with by downloading an ISO.  The edgerouter you'd have to fake with vyos/vyatta.

Tim

On 9/14/20 7:17 PM, Mike wrote:
Hello,


I have some gear that needs a public IP, but does not have the best
security profile, and I want to put up an ACL that only permits this
gear to make outbound connections while dropping all inbound. My router
is an ASR920 running IOS-XE 03.17.03.S. Does anyone have a simple
copy/paste ACL for this type of job?


Thank you.


_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

