Here is what I have built:
ip access-list extended QA2
10 permit ip any 10.98.6.0 0.0.1.255
20 deny ip any 192.168.0.0 0.0.7.255 log
30 deny ip any 10.98.0.0 0.0.255.255 log
40 permit tcp any any eq www
50 permit tcp any any eq smtp
60 permit tcp any any eq 443
70 permit tcp any any eq ssh
Basically, I want to allow the hosts on QA2 (172.16.0.0/20) access to net 10.98.6.0/23 for all protocols, and only 22, 25, 80 and 443 to the internet...
One side question to the above:
I have this QA2 VLAN spanned across 2 core switches (6513s) and have set up HSRP on the 2 VLAN interfaces (172.16.0.2 and .3) as 172.16.0.1
The switch does not have a default gateway. Not sure what I should put it as...
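
Added example, not part of the original post: a first-match evaluation of the ACL as posted, using Cisco wildcard-mask semantics and the implicit deny at the end, run over constructed sample flows. The function names and the sample destination addresses are assumptions made for this illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
# ACL QA2 as posted: (seq, action, proto, (dst, wildcard), dst_port).
# Source is "any" on every line, so it is not modelled here.
ACL_QA2 = [
    (10, "permit", "ip", ("10.98.6.0", "0.0.1.255"), None),
    (20, "deny", "ip", ("192.168.0.0", "0.0.7.255"), None),
    (30, "deny", "ip", ("10.98.0.0", "0.0.255.255"), None),
    (40, "permit", "tcp", ANY, 80),   # eq www
    (50, "permit", "tcp", ANY, 25),   # eq smtp
    (60, "permit", "tcp", ANY, 443),
    (70, "permit", "tcp", ANY, 22),   # eq ssh
]

def wildcard_match(addr, net, wildcard):
    """Cisco wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)

def evaluate(acl, proto, dst, dport=None):
    """Return (seq, action) of the first matching entry, top down.
    (None, "deny") is the implicit deny that ends every IOS ACL."""
    for seq, action, acl_proto, (net, wildcard), port in acl:
        if acl_proto != "ip" and acl_proto != proto:
            continue  # "ip" matches every IP protocol
        if not wildcard_match(dst, net, wildcard):
            continue
        if port is not None and port != dport:
            continue
        return seq, action
    return None, "deny"

# Constructed sample flows from a QA2 host: (proto, destination, dst port).
SAMPLE_FLOWS = [
    ("udp", "10.98.7.20", 161),      # inside 10.98.6.0/23
    ("tcp", "10.98.8.1", 443),       # rest of 10.98.0.0/16
    ("tcp", "192.168.3.10", 80),     # inside 192.168.0.0/21
    ("tcp", "192.168.8.10", 80),     # outside the 0.0.7.255 wildcard
    ("tcp", "203.0.113.10", 443),    # documentation address as "internet"
    ("udp", "203.0.113.10", 53),     # no matching entry
    ("icmp", "203.0.113.10", None),  # no matching entry
]

if __name__ == "__main__":
    for proto, dst, dport in SAMPLE_FLOWS:
        seq, action = evaluate(ACL_QA2, proto, dst, dport)
        print(f"{proto:4} {dst:15} {str(dport):5} -> {action:6} (line {seq})")
```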