{"id":247,"date":"2026-05-02T18:15:45","date_gmt":"2026-05-02T16:15:45","guid":{"rendered":"https:\/\/eryann.fr\/?p=247"},"modified":"2026-05-03T00:05:16","modified_gmt":"2026-05-02T22:05:16","slug":"fiche-acl-et-nat-cisco-segmentation-dmz-publication-web","status":"publish","type":"post","link":"https:\/\/eryann.fr\/index.php\/cisco\/fiche-acl-et-nat-cisco-segmentation-dmz-publication-web\/","title":{"rendered":"Cheat sheet \u2013 Cisco ACL and NAT (segmentation + DMZ\/web publishing)"},"content":{"rendered":"\n<p>In a BTS CIEL \/ SIO context, Cisco ACLs control communication between several networks. They are used to segment a network, restrict access between VLANs and allow only the flows that are needed.<\/p>\n\n\n\n<p>This sheet works through a practical case with several \/27 VLANs. The goal is to understand where to place the ACLs, why the same ACL must not be applied everywhere, and how to let users reach an internal web server without blocking the server's replies.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/cee57bb4-a0c7-4d64-9a0a-61496f2d12fb-1024x683.png\" alt=\"\" class=\"wp-image-266\" srcset=\"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/cee57bb4-a0c7-4d64-9a0a-61496f2d12fb-1024x683.png 1024w, https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/cee57bb4-a0c7-4d64-9a0a-61496f2d12fb-300x200.png 300w, https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/cee57bb4-a0c7-4d64-9a0a-61496f2d12fb-768x512.png 768w, https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/cee57bb4-a0c7-4d64-9a0a-61496f2d12fb.png 1536w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Filtering objective<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table
class=\"has-fixed-layout\"><thead><tr><th>VLAN<\/th><th>Network<\/th><th>Role<\/th><th>Allowed access<\/th><\/tr><\/thead><tbody><tr><td>VLAN 10<\/td><td>172.16.0.32\/27<\/td><td>Users 1<\/td><td>Web server + Internet<br>Not allowed from users<\/td><\/tr><tr><td>VLAN 20<\/td><td>172.16.0.64\/27<\/td><td>Users 2<\/td><td>Web server + Internet<br>Not allowed from users<\/td><\/tr><tr><td>VLAN 30<\/td><td>172.16.0.96\/27<\/td><td>Servers<\/td><td>Reachable over HTTP\/HTTPS<\/td><\/tr><tr><td>VLAN 40<\/td><td>172.16.0.128\/27<\/td><td>Other internal VLAN<\/td><td>Not allowed from users<\/td><\/tr><tr><td>VLAN 99<\/td><td>172.16.0.160\/27<\/td><td>Administration<\/td><td>Access everywhere<\/td><\/tr><tr><td>WAN<\/td><td>192.168.16.0\/28<\/td><td>Internet access<\/td><td>HTTP\/HTTPS access to the server<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Full configuration with comments<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>enable\nconfigure terminal\n\n! ==============================\n! INTERFACE CONFIGURATION\n! ==============================\n\n! WAN interface toward the Internet or the upstream router\ninterface GigabitEthernet0\/0\n ip address 192.168.16.4 255.255.255.240\n no shutdown\n exit\n\n! Physical interface used for router-on-a-stick\ninterface GigabitEthernet0\/1\n no ip address\n no shutdown\n exit\n\n! VLAN 10 - Users 1\ninterface GigabitEthernet0\/1.10\n encapsulation dot1Q 10\n ip address 172.16.0.33 255.255.255.224\n exit\n\n! VLAN 20 - Users 2\ninterface GigabitEthernet0\/1.20\n encapsulation dot1Q 20\n ip address 172.16.0.65 255.255.255.224\n exit\n\n! VLAN 30 - Servers\ninterface GigabitEthernet0\/1.30\n encapsulation dot1Q 30\n ip address 172.16.0.97 255.255.255.224\n exit\n\n!
VLAN 40 - Other internal VLAN\ninterface GigabitEthernet0\/1.40\n encapsulation dot1Q 40\n ip address 172.16.0.129 255.255.255.224\n exit\n\n! VLAN 99 - Administration\ninterface GigabitEthernet0\/1.99\n encapsulation dot1Q 99\n ip address 172.16.0.161 255.255.255.224\n exit\n\n! ==============================\n! WAN ACL\n! ==============================\n\n! This ACL filters what arrives from the Internet.\n! The Internet may reach only the internal web server.\n! Web server: 172.16.0.98\n! Note: no entry here matches return traffic, so the final deny also drops\n! replies to sessions opened from the inside toward the Internet.\n\nip access-list extended ACL-WAN\n permit tcp any host 172.16.0.98 eq www\n permit tcp any host 172.16.0.98 eq 443\n deny ip any any\n exit\n\n! Apply the WAN ACL inbound on the Internet-facing interface\ninterface GigabitEthernet0\/0\n ip access-group ACL-WAN in\n exit\n\n! ==============================\n! USERS ACL\n! ==============================\n\n! This ACL is intended only for the user VLANs.\n! It allows:\n! - HTTP\/HTTPS access to the web server\n! - Internet access\n! It blocks:\n! - access to the other internal VLANs\n\nip access-list extended ACL-USERS\n\n ! Allow VLAN 10 to the web server over HTTP\n permit tcp 172.16.0.32 0.0.0.31 host 172.16.0.98 eq www\n\n ! Allow VLAN 10 to the web server over HTTPS\n permit tcp 172.16.0.32 0.0.0.31 host 172.16.0.98 eq 443\n\n ! Allow VLAN 20 to the web server over HTTP\n permit tcp 172.16.0.64 0.0.0.31 host 172.16.0.98 eq www\n\n ! Allow VLAN 20 to the web server over HTTPS\n permit tcp 172.16.0.64 0.0.0.31 host 172.16.0.98 eq 443\n\n ! Block users from the other internal VLANs\n ! Note: these two lines also drop replies to sessions opened from the admin VLAN\n deny ip 172.16.0.32 0.0.0.31 172.16.0.0 0.0.0.255\n deny ip 172.16.0.64 0.0.0.31 172.16.0.0 0.0.0.255\n\n ! Allow everything else toward the Internet\n permit ip 172.16.0.32 0.0.0.31 any\n permit ip 172.16.0.64 0.0.0.31 any\n\n exit\n\n!
Applied only on the user VLANs\ninterface GigabitEthernet0\/1.10\n ip access-group ACL-USERS in\n exit\n\ninterface GigabitEthernet0\/1.20\n ip access-group ACL-USERS in\n exit\n\n! ==============================\n! ADMINISTRATION ACL\n! ==============================\n\n! The admin VLAN can go everywhere.\n! This ACL is optional, but it makes the rule explicit.\n\nip access-list extended ACL-ADMIN\n permit ip 172.16.0.160 0.0.0.31 any\n exit\n\ninterface GigabitEthernet0\/1.99\n ip access-group ACL-ADMIN in\n exit\n\n! ==============================\n! IMPORTANT\n! ==============================\n\n! ACL-USERS is not applied on the server VLAN.\n! Otherwise the server's replies to clients may be blocked.\n! Instead, a dedicated ACL limits the flows to what is strictly needed, HTTP and HTTPS.\n\nip access-list extended ACL-SERVER\n\n! Allow HTTP\/HTTPS replies from the web server to users only for established connections\n! established matches only TCP packets with the ACK or RST bit set, which generally corresponds to return traffic.\n! This is not a true stateful firewall, but it is better than a plain eq www on the source.\n\n! Allow only return TCP traffic toward the internal LAN\npermit tcp 172.16.0.96 0.0.0.31 172.16.0.0 0.0.0.255 established\n\n! Block the DMZ from all internal VLANs\ndeny ip 172.16.0.96 0.0.0.31 172.16.0.0 0.0.0.255\n\n! Allow the DMZ toward the Internet if needed\npermit ip 172.16.0.96 0.0.0.31 any\n\nexit\n\ninterface g0\/1.30\n ip access-group ACL-SERVER in\n\n! ==============================\n! SAVE\n! ==============================\n\nend\nwrite memory<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Detailed explanation<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1.
How an ACL works<\/h3>\n\n\n\n<p>An ACL is a list of rules read from top to bottom. As soon as a line matches the traffic, it is applied. If no line matches, Cisco applies an implicit deny at the end.<\/p>\n\n\n\n<p>This means the order of the lines is very important.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Standard ACL and extended ACL<\/h3>\n\n\n\n<p>A standard ACL filters on the source address only.<\/p>\n\n\n\n<p>Example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>access-list 10 permit 172.16.0.160 0.0.0.31<\/code><\/pre>\n\n\n\n<p>An extended ACL filters on the source, the destination, the protocol and optionally the port.<\/p>\n\n\n\n<p>Example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>permit tcp 172.16.0.32 0.0.0.31 host 172.16.0.98 eq 443<\/code><\/pre>\n\n\n\n<p>In this example, the network <code>172.16.0.32\/27<\/code> is allowed to reach the server <code>172.16.0.98<\/code> over HTTPS.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3.
Meaning of <code>host<\/code>, <code>any<\/code> and <code>eq<\/code><\/h3>\n\n\n\n<p><code>host<\/code> designates a single IP address.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>host 172.16.0.98<\/code><\/pre>\n\n\n\n<p>is equivalent to:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>172.16.0.98 0.0.0.0<\/code><\/pre>\n\n\n\n<p><code>any<\/code> means any address.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>permit ip 172.16.0.32 0.0.0.31 any<\/code><\/pre>\n\n\n\n<p>This allows the user VLAN to reach any destination, which means the Internet if the other internal VLANs were blocked earlier in the list.<\/p>\n\n\n\n<p><code>eq<\/code> means \u201cequal to\u201d and is used to filter on a specific port.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>eq www<\/code><\/pre>\n\n\n\n<p>corresponds to TCP port 80.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>eq 443<\/code><\/pre>\n\n\n\n<p>corresponds to TCP port 443.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4.
Why not apply the same ACL on every VLAN<\/h3>\n\n\n\n<p>In the exercise, the classic mistake is to apply the same ACL on the user, server and admin VLANs.<\/p>\n\n\n\n<p>If this ACL is applied on the server VLAN:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>deny ip 172.16.0.0 0.0.0.255 172.16.0.0 0.0.0.255<\/code><\/pre>\n\n\n\n<p>then the server's replies to clients may be blocked.<\/p>\n\n\n\n<p>Example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Laptop0 -&gt; web server: allowed<br>web server -&gt; Laptop0: blocked<\/code><\/pre>\n\n\n\n<p>The right approach is to create one ACL per VLAN role:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ACL-USERS: applied to the user VLANs<br>ACL-WAN: applied on the Internet interface<br>ACL-ADMIN: applied to the admin VLAN if needed<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">5. Wildcard mask for a \/27<\/h3>\n\n\n\n<p>A \/27 network uses the mask:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>255.255.255.224<\/code><\/pre>\n\n\n\n<p>The corresponding wildcard is (255 - 224 = 31):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>0.0.0.31<\/code><\/pre>\n\n\n\n<p>Example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>172.16.0.32 0.0.0.31<\/code><\/pre>\n\n\n\n<p>designates the subnet:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>172.16.0.32\/27<\/code><\/pre>\n\n\n\n<p>Usable range:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>172.16.0.33 to 172.16.0.62<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">6.
Viewing ACLs<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>show access-lists<\/code><\/pre>\n\n\n\n<p>To see where they are applied:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>show running-config<\/code><\/pre>\n\n\n\n<p>or on a specific interface:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>show running-config interface GigabitEthernet0\/1.10<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">7. Removing an ACL<\/h3>\n\n\n\n<p>Remove a named ACL:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>configure terminal<br>no ip access-list extended ACL-USERS<br>end<\/code><\/pre>\n\n\n\n<p>Detach an ACL from an interface:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>configure terminal<br>interface GigabitEthernet0\/1.10<br> no ip access-group ACL-USERS in<br>end<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">8. Summary<\/h3>\n\n\n\n<p>ACLs give precise control over network flows. To avoid mistakes, always check three points:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>1. Which source wants to communicate?<br>2. Which destination is targeted?<br>3. Where should the ACL be applied so that return traffic is not blocked?<\/code><\/pre>\n\n\n\n<p>In this sheet, the important rule is the following:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Users are filtered inbound on their VLANs.<br>The Internet is filtered inbound on the WAN interface.<br>A user ACL is not applied on the server VLAN.<\/code><\/pre>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a BTS CIEL \/ SIO context, Cisco ACLs control communication between several networks. They are used to segment a network, restrict access between VLANs and allow only the flows that are needed. This sheet works through a practical case with several \/27 VLANs.
The goal is to understand where to place the ACLs, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[4,10],"tags":[],"class_list":["post-247","post","type-post","status-publish","format-standard","hentry","category-cisco","category-reseau"],"yoast_head_json":{"og_site_name":"Eryann Breizh SecOps","author":"wpadmin"}}