access lists

Unanswered Question
Feb 6th, 2007

Hi all, with access lists, say I have a PC on a network 172.19.51.1/24 and the other on 172.19.52.1/24. If I want one PC to see the other, but only one way, is this possible?


Carl,

When you say 1 PC should see the other, and not vice versa, what are you exactly looking to do?

Is this at the browser level, like seeing local drives etc.? Or is this application level? If you're in a M$WIN environment, there are permissions and access-level security that would limit visibility/access.

As far as access lists go, you've got to be careful. TCP connections, for example, require 2-way communication. Blind 1-way ACLs might not get the desired results.

carl_townshend Wed, 02/07/2007 - 07:29

Hi, thanks for the reply. Yes, I was thinking of a 1-way ACL, i.e. if I ping a machine, I guess the echo reply will be blocked?

g.watt Wed, 02/07/2007 - 08:16

The access-list to do this is below.

conf t
access-list 101 permit ip host 172.19.51.1 host 172.19.52.1
access-list 102 deny ip host 172.19.52.1 host 172.19.51.1
int f0/1
ip access-group 101 out
ip access-group 102 in
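
Added example, not part of the thread and not written by any of the posters: a small Python model of stateless, first-match ACL evaluation run over the two lists posted above, showing what happens to a ping and a TCP handshake. It assumes f0/1 faces the 172.19.52.0/24 segment, and it goes one step beyond the thread by comparing against a constructed inbound list (`ACL_102_RETURN_ONLY`, a hypothetical name) that uses the IOS `established` keyword and an `echo-reply` match.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                        # "icmp" or "tcp"
    src: str
    dst: str
    icmp_type: Optional[str] = None   # "echo" or "echo-reply"
    tcp_flags: frozenset = frozenset()

@dataclass(frozen=True)
class Ace:
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" matches any protocol
    src: str                          # host matches only, as in the posted lists
    dst: str
    icmp_type: Optional[str] = None
    established: bool = False         # TCP segment with ACK or RST set

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if (self.src, self.dst) != (p.src, p.dst):
            return False
        if self.icmp_type and self.icmp_type != p.icmp_type:
            return False
        if self.established and not (p.tcp_flags & {"ACK", "RST"}):
            return False
        return True

def evaluate(acl, p):
    """First matching entry wins; no match falls to the implicit deny."""
    return next((a.action for a in acl if a.matches(p)), "deny")

def round_trip(out_acl, in_acl, request, reply):
    """Verdicts for a request leaving f0/1 and its reply entering f0/1."""
    return evaluate(out_acl, request), evaluate(in_acl, reply)

A, B = "172.19.51.1", "172.19.52.1"
ACL_101_OUT = [Ace("permit", "ip", A, B)]   # as posted in the thread
ACL_102_IN = [Ace("deny", "ip", B, A)]      # as posted in the thread
ACL_102_RETURN_ONLY = [                     # constructed alternative
    Ace("permit", "tcp", B, A, established=True),
    Ace("permit", "icmp", B, A, icmp_type="echo-reply"),
    Ace("deny", "ip", B, A),
]
# Constructed sample traffic
PING = (Packet("icmp", A, B, "echo"), Packet("icmp", B, A, "echo-reply"))
HANDSHAKE = (Packet("tcp", A, B, tcp_flags=frozenset({"SYN"})),
             Packet("tcp", B, A, tcp_flags=frozenset({"SYN", "ACK"})))
NEW_FROM_B = Packet("tcp", B, A, tcp_flags=frozenset({"SYN"}))
```

`established` only checks for the ACK or RST flag and keeps no session state, so it filters new connection attempts by flag rather than tracking real sessions.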
