ACL Help

bkennedy32 · ‎04-28-2008

I have a 1600

here are the acl's

access-list 10 permit 192.168.10.0 0.0.0.255

access-list 10 permit 192.168.1.0 0.0.0.255

access-list 100 permit ip any host 192.168.1.1

access-list 100 permit ip any host 192.168.1.199

access-list 100 permit ip any 192.168.100.0 0.0.0.255

access-list 100 deny ip any 192.168.1.0 0.0.0.255

access-list 100 permit ip any any

Hi we blocked all traffic going to the 1.x subnet acepct for .1.1 and 1.199

1.1 is our pix that does the nating

we need to open the 1.x sub for 2 computers in the 10.x net

would the acl go somthing like this ??

access-list 100 permit ip 192.168.10.63 192.168.1.0 0.0.0.255

??

Thanks again

Bill

Jon Marshall · ‎04-28-2008

Bill

Yes although you will need to reenter the access-list as if you add

access-list 100 permit ip 192.168.10.63 192.168.1.0 0.0.0.255

it will appear after the

access-list 100 deny ip any 192.168.1.0 0.0.0.255

One other thing, your new acl lines should include the "host" keyword ie.

access-list 100 permit ip 192.168.10.63 192.168.1.0 0.0.0.255

should be

access-list 100 permit ip host 192.168.10.63 192.168.1.0 0.0.0.255

Jon