Reflexive ACLs

You can use reflexive ACLs, also known as IP session filtering, to filter network traffic based on upper-layer session information (for example, TCP and UDP addresses and ports). The usual goal is to permit return traffic for sessions that originate from within your network while denying sessions that originate from outside your network.

You can define a reflexive ACL only inside an extended named IP ACL. You cannot define reflexive ACLs with numbered or standard named IP ACLs, or with ACLs for other protocols. However, you can use reflexive ACLs in conjunction with other standard and static extended ACLs.

Reflexive ACLs are similar to any other ACL that you can use. Reflexive ACLs contain condition statements that you use to define the criteria for permitting IP packets into your network. ...
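The following IOS configuration is an added example and is not taken from the book. It shows the two named extended ACLs that a reflexive setup needs on an Internet-facing interface: the outbound list carries the `reflect` statements that create temporary, mirror-image entries for each session the inside initiates, and the inbound list calls `evaluate` to consult those entries before its static rules. The interface name, the addresses (documentation ranges 192.0.2.0/24 inside and 198.51.100.0/24 outside), the list names and the timeouts are assumptions chosen for illustration.

```cisco
! Added example: reflexive ACL on the outside interface (not the book's own configuration).
! Addresses, interface and list names are assumed values for illustration.
!
! Global default lifetime (seconds) for reflexive entries that have no per-statement timeout.
ip reflexive-list timeout 120
!
! Outbound list: each permitted session that leaves the network creates a temporary
! reflexive entry with source/destination addresses and ports swapped.
ip access-list extended OUTBOUND-REFLEXIVE
 remark Inside hosts may initiate TCP/UDP/ICMP; reflect each session
 permit tcp 192.0.2.0 0.0.0.255 any reflect TCP-SESSIONS timeout 300
 permit udp 192.0.2.0 0.0.0.255 any reflect UDP-SESSIONS timeout 60
 permit icmp 192.0.2.0 0.0.0.255 any reflect ICMP-SESSIONS
 deny ip any any log
!
! Inbound list: static permits for services you expose, then the reflexive entries,
! then an explicit deny so unsolicited inbound sessions are dropped and logged.
ip access-list extended INBOUND-REFLEXIVE
 remark Static exception: the mail relay must accept inbound SMTP
 permit tcp any host 192.0.2.25 eq 25
 evaluate TCP-SESSIONS
 evaluate UDP-SESSIONS
 evaluate ICMP-SESSIONS
 deny ip any any log
!
interface GigabitEthernet0/0
 description Outside (Internet-facing)
 ip address 198.51.100.1 255.255.255.0
 ip access-group OUTBOUND-REFLEXIVE out
 ip access-group INBOUND-REFLEXIVE in
```

Compared with the weaker `permit tcp any any established` approach, which admits any packet carrying ACK or RST bits regardless of whether a session exists, the reflexive entries match only the exact reverse 5-tuple of a session the inside actually opened, and they expire after the configured timeout or, for TCP, shortly after the session closes. The ordering inside the inbound list matters: `evaluate` statements are processed at the position where they appear, so static permits placed before them always apply, and the trailing `deny` only sees traffic that matched neither. Protocols that open a second channel on a port the first session did not use (active-mode FTP is the common case) are not covered by this mechanism and need a separate static entry or a stateful inspection feature.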

Get CCIE Practical Studies: Security (CCIE Self-Study) now with the O’Reilly learning platform.
