Hi all. I have a Cisco 1841 which I use to segregate 2 private LANs.
The commands below show one of my Fast Ethernet interfaces on which I place an ACL.
ip address 192.168.4.253 255.255.255.0
ip access-group 100 out
access-list 100 permit icmp any any
access-list 100 permit tcp 192.168.4.0 0.0.0.255 host 192.168.1.204 eq www
access-list 100 permit tcp host 192.168.1.204 192.168.4.0 0.0.0.255 established
My objective is to allow the 192.168.4.0/24 subnet to be able to access 192.168.1.204/24 on port 80 only. However, with my ACL implemented as shown, I could access 192.168.1.204/24 even through RDP. But the ACLs manage to prevent access to other workstations on 192.168.1.0/24. Can anyone advise me what is wrong with my ACL?
Another query is the command "access-list 100 permit tcp host 192.168.1.204 192.168.4.0 0.0.0.255 established". I believe this command is to allow incoming packets only after any station on the 192.168.4.0/24 subnet has initiated the connection. Hence I feel this ACL should be placed on fa0/1 incoming traffic instead of outgoing traffic. Hence it should be "access-list 110 permit tcp host 192.168.1.204 192.168.4.0 0.0.0.255 established" with "ip access-group 110 in". However, when I try to place that ACL on incoming traffic, no traffic could pass through. Please advise.
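An added example (not from the original post) that models how a Cisco numbered ACL is matched: wildcard masks, `eq www`, `established` (only TCP segments with ACK or RST set), first match wins, and the implicit deny at the end. It replays a constructed RDP and HTTP exchange through ACL 100 bound outbound and the proposed ACL 110 bound inbound; the client host .10, the ports, and the convention that "in" on fa0/1 means arriving from 192.168.4.0/24 are assumptions.

```python
from ipaddress import IPv4Address

def wc_match(addr, base, wildcard):
    """Cisco wildcard mask: a set bit means 'don't care' for that bit."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Rule tuple: (proto, src, src_wc, dst, dst_wc, dst_port or None, established)
ACL_100 = [  # the post's list, bound with 'ip access-group 100 out' on fa0/1
    ("icmp", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", None, False),
    ("tcp", "192.168.4.0", "0.0.0.255", "192.168.1.204", "0.0.0.0", 80, False),
    ("tcp", "192.168.1.204", "0.0.0.0", "192.168.4.0", "0.0.0.255", None, True),
]
ACL_110 = [  # the poster's proposed inbound list
    ("tcp", "192.168.1.204", "0.0.0.0", "192.168.4.0", "0.0.0.255", None, True),
]

def evaluate(acl, pkt):
    """First matching entry wins; a list with no match ends in implicit deny."""
    for proto, src, swc, dst, dwc, dport, est in acl:
        if proto != pkt["proto"] or not (wc_match(pkt["src"], src, swc) and wc_match(pkt["dst"], dst, dwc)):
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        # 'established' matches only segments with ACK or RST set (a bare SYN fails)
        if est and not (pkt.get("flags", set()) & {"ACK", "RST"}):
            continue
        return "permit"
    return "deny"

def apply_interface(acls, pkt):
    """Apply the list bound to the packet's direction; an unbound direction permits all."""
    acl = acls.get(pkt["dir"])
    return "permit" if acl is None else evaluate(acl, pkt)

# Constructed packets on fa0/1 (assumption: 'in' arrives from 192.168.4.0/24, 'out' leaves toward it)
PACKETS = {
    "rdp_syn_in": dict(proto="tcp", src="192.168.4.10", dst="192.168.1.204", dport=3389, flags={"SYN"}, dir="in"),
    "rdp_synack_out": dict(proto="tcp", src="192.168.1.204", dst="192.168.4.10", dport=50000, flags={"SYN", "ACK"}, dir="out"),
    "other_synack_out": dict(proto="tcp", src="192.168.1.10", dst="192.168.4.10", dport=50000, flags={"SYN", "ACK"}, dir="out"),
    "http_syn_in": dict(proto="tcp", src="192.168.4.10", dst="192.168.1.204", dport=80, flags={"SYN"}, dir="in"),
}

def verdicts(acls):
    """Map each constructed packet name to the router's permit/deny decision."""
    return {name: apply_interface(acls, pkt) for name, pkt in PACKETS.items()}

AS_POSTED = {"out": ACL_100}                 # only the outbound list exists
PROPOSED = {"in": ACL_110, "out": ACL_100}   # after adding 'ip access-group 110 in'
```

Running `verdicts(AS_POSTED)` shows the RDP SYN arriving inbound is never filtered and its SYN-ACK from 192.168.1.204 is permitted by the `established` entry, while a SYN-ACK from another 192.168.1.0/24 host hits the implicit deny; `verdicts(PROPOSED)` shows ACL 110 inbound denies every packet, since nothing arriving from 192.168.4.0/24 has source 192.168.1.204.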