Conditions:
1. R1 is the intranet router
2. R2 is the router connecting the internal and external networks
3. R3 is the extranet router
Networking requirements:
The intranet can access the external network, but the extranet cannot access the intranet.
Principle: reflexive ACL
R1:
Configuring the interface IP address
Router(config)#int s0/0
Router(config-if)#ip add 10.1.1.1 255.255.255.0
Router(config-if)#no sh
Configuring the static route
Router(config)#ip route 192.168.1.0 255.255.255.0 10.1.1.2
R2:
Configuring the interface IP addresses
Router(config)#int s0/0
Router(config-if)#ip add 10.1.1.2 255.255.255.0
Router(config-if)#no sh
Router(config-if)#int s0/1
Router(config-if)#ip add 192.168.1.1 255.255.255.0
Router(config-if)#no sh
Create a named extended ACL, request, that allows the intranet to access the extranet and generates reflexive ACL entries under the name AA
Router(config)#ip access-list extended request
Router(config-ext-nacl)#permit ip any any reflect AA
Create a named extended ACL, reply, that references AA so that answer packets are allowed through the router
Router(config)#ip access-list extended reply
Router(config-ext-nacl)#evaluate AA
Apply request to interface s0/0
Router(config)#int s0/0
Router(config-if)#ip access-group request in
Apply reply to interface s0/1
Router(config)#int s0/1
Router(config-if)#ip access-group reply in
R3:
Configuring the interface IP address
Router(config)#int s0/1
Router(config-if)#ip add 192.168.1.2 255.255.255.0
Router(config-if)#no sh
Configuring the static route
Router(config-if)#ip route 10.1.1.0 255.255.255.0 192.168.1.1
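How the request/reply pair on R2 decides what to forward, as a small Python model added here for illustration (it is not IOS code and not from the original article). The class name ReflexiveAcl, the port numbers and the 300-second idle timeout are assumptions of this model; the addresses are the R1 and R3 interface addresses configured above.

```python
# Toy model of the request/reply ACL pair on R2 (added illustration, not IOS code).
# Packets are tuples: (proto, src_ip, src_port, dst_ip, dst_port).

class ReflexiveAcl:
    def __init__(self, idle_timeout=300):   # seconds; assumed value for this model
        self.idle_timeout = idle_timeout
        self.aa = {}                        # reflexive list AA: mirrored flow -> expiry

    def request_in(self, pkt, now):
        """s0/0 inbound: 'permit ip any any reflect AA'."""
        proto, src, sport, dst, dport = pkt
        # The temporary entry is the mirror image of the outbound packet.
        self.aa[(proto, dst, dport, src, sport)] = now + self.idle_timeout
        return True

    def reply_in(self, pkt, now):
        """s0/1 inbound: 'evaluate AA', then the implicit deny."""
        expiry = self.aa.get(pkt)
        if expiry is None:
            return False                    # no session was opened from the inside
        if now >= expiry:
            del self.aa[pkt]                # idle entry has aged out
            return False
        self.aa[pkt] = now + self.idle_timeout
        return True

def demo():
    acl = ReflexiveAcl()
    out = ("tcp", "10.1.1.1", 40000, "192.168.1.2", 23)     # constructed: R1 -> R3
    answer = ("tcp", "192.168.1.2", 23, "10.1.1.1", 40000)  # constructed: R3's answer
    probe = ("tcp", "192.168.1.2", 40001, "10.1.1.1", 23)   # constructed: R3 -> R1
    return {
        "probe_before": acl.reply_in(probe, now=0),
        "request": acl.request_in(out, now=0),
        "answer": acl.reply_in(answer, now=1),
        "probe_after": acl.reply_in(probe, now=2),
        "answer_after_idle": acl.reply_in(answer, now=1000),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:18} {'permit' if allowed else 'deny'}")
```

Only the exact mirror of a flow opened from the intranet side passes the reply ACL; anything else arriving on s0/1 falls through to the implicit deny.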
This article is from the "Jiangshan Smoke if Liu" blog; please be sure to keep this source: http://45642777.blog.51cto.com/2139502/958187