ACL Help

Apr 28th, 2008

I have a 1600.

Here are the ACLs:



access-list 10 permit 192.168.10.0 0.0.0.255

access-list 10 permit 192.168.1.0 0.0.0.255

access-list 100 permit ip any host 192.168.1.1

access-list 100 permit ip any host 192.168.1.199

access-list 100 permit ip any 192.168.100.0 0.0.0.255

access-list 100 deny ip any 192.168.1.0 0.0.0.255

access-list 100 permit ip any any


Hi, we blocked all traffic going to the 1.x subnet except for 1.1 and 1.199.

1.1 is our PIX that does the NATing.


We need to open the 1.x subnet for 2 computers in the 10.x net.

Would the ACL go something like this?

access-list 100 permit ip 192.168.10.63 192.168.1.0 0.0.0.255

??


Thanks again

Bill

Jon Marshall Mon, 04/28/2008 - 11:25
Bill


Yes, although you will need to re-enter the access-list, since if you add


access-list 100 permit ip 192.168.10.63 192.168.1.0 0.0.0.255


it will appear after the


access-list 100 deny ip any 192.168.1.0 0.0.0.255


One other thing: your new ACL lines should include the "host" keyword, i.e.


access-list 100 permit ip 192.168.10.63 192.168.1.0 0.0.0.255


should be


access-list 100 permit ip host 192.168.10.63 192.168.1.0 0.0.0.255


Jon
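The ordering problem described in the answer above, as an added example that is not part of the original thread: a small first-match evaluator for the `access-list N permit|deny ip SRC DST` form used here, run over ACL 100 with the new `host` line appended at the end versus re-entered ahead of the deny. The destination 192.168.1.50 and the exact position chosen for the re-entered line are assumptions made for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def spec(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (ip(tokens[1]), 0), tokens[2:]
    return (ip(tokens[0]), ip(tokens[1])), tokens[2:]

def parse(line):
    """Parse 'access-list N permit|deny ip SRC DST' (only this form is handled)."""
    t = line.split()
    action, rest = t[2], t[4:]
    src, rest = spec(rest)
    dst, rest = spec(rest)
    return action, src, dst

def hit(addr, pair):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    base, wild = pair
    return (ip(addr) | wild) == (base | wild)

def evaluate(acl, src, dst):
    """Return (action, 1-based line number) of the first matching line."""
    for n, line in enumerate(acl, 1):
        action, s, d = parse(line)
        if hit(src, s) and hit(dst, d):
            return action, n
    return "deny", None  # implicit deny at the end of every ACL

ORIGINAL = [  # ACL 100 exactly as posted in the question
    "access-list 100 permit ip any host 192.168.1.1",
    "access-list 100 permit ip any host 192.168.1.199",
    "access-list 100 permit ip any 192.168.100.0 0.0.0.255",
    "access-list 100 deny ip any 192.168.1.0 0.0.0.255",
    "access-list 100 permit ip any any",
]
NEW = "access-list 100 permit ip host 192.168.10.63 192.168.1.0 0.0.0.255"
APPENDED = ORIGINAL + [NEW]                        # new line typed onto the existing list
REENTERED = ORIGINAL[:3] + [NEW] + ORIGINAL[3:]    # list re-entered, permit ahead of the deny

if __name__ == "__main__":
    for name, acl in (("appended", APPENDED), ("re-entered", REENTERED)):
        # 192.168.1.50 is a constructed destination in the protected subnet
        print(name, evaluate(acl, "192.168.10.63", "192.168.1.50"))
```

With the line appended, the packet is dropped by the deny on line 4 before the new permit is ever evaluated; with the list re-entered, only 192.168.10.63 gets through and every other 10.x host still hits the deny.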
