Hello there,
I have a question about access lists. We have a simple network topology with 2 x 2811 routers interconnected by their eth0/0 interfaces. We have a development network hanging off the eth0/1 interface of router A and a production network hanging off the eth0/1 interface of router B.
We require hosts on the production network to be able to ssh and http to the development environment. However, we do not want the development machines to initiate connections to the production environment. I have applied an outbound access list on the eth0/0 interface of router B allowing traffic to the development environment. I have also applied an inbound access list on the same interface denying the development vlans any traffic. This seems to be blocking the reply traffic for the connections initiated from the production environment - is this expected? How can I allow connections from clients on the production network through to the dev environment but block connections being initiated from the dev environment?
Thanks, Nick
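
An added example, not part of the original post: standard IOS access lists are stateless, so an inbound deny for the development networks also matches the return packets of sessions opened from production. The sketch below shows the setup described in the question beside an inbound list that admits only return TCP traffic via the `established` keyword. The subnets (production 10.1.0.0/24, development 10.2.0.0/24), the ACL names and the interface name FastEthernet0/0 are assumptions.

```cisco
! Router B. Constructed addressing (assumption):
!   production 10.1.0.0/24, development 10.2.0.0/24
!
! Outbound list as described in the post: production may open
! ssh and http sessions to development.
ip access-list extended PROD-TO-DEV
 permit tcp 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255 eq 22
 permit tcp 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255 eq www
!
! Inbound list as described in the post. It drops every packet
! sourced from development, including the SYN-ACK and data
! segments that answer production-initiated sessions.
ip access-list extended DEV-IN-AS-POSTED
 deny ip 10.2.0.0 0.0.0.255 any
!
! Corrected inbound list. "established" matches only TCP segments
! with ACK or RST set, so replies sourced from port 22 or 80 pass,
! while a bare SYN from development (a new connection) falls
! through to the deny.
ip access-list extended DEV-IN
 permit tcp 10.2.0.0 0.0.0.255 eq 22 10.1.0.0 0.0.0.255 established
 permit tcp 10.2.0.0 0.0.0.255 eq www 10.1.0.0 0.0.0.255 established
 deny ip 10.2.0.0 0.0.0.255 any log
! The implicit "deny ip any any" follows; add permits above the
! deny for any other traffic that must enter this interface.
!
interface FastEthernet0/0
 ip access-group PROD-TO-DEV out
 ip access-group DEV-IN in
```

`established` inspects TCP flags only and keeps no session table, so a segment from development with ACK set and a matching source port is still admitted. Reflexive access lists (`reflect` / `evaluate`) or a stateful firewall feature on the router track the actual sessions.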