Access from one subnet to another

Answered Question
Jul 31st, 2008

Hello,


I have a router. I connected 3 ports so I have 3 subnets:

192.168.0.0/24 Fa0, 192.168.1.0/24 Fa1, and 192.168.2.0/24 Fa2


Now, I need to do:

Subnet 192.168.1.0 is the most secure, so nobody should access it except one host from the 192.168.2.0 subnet (192.168.2.10), but users from 192.168.1.0 should access both the 0.0 and 2.0 subnets.

Subnets 192.168.0.0 and 192.168.2.0 should access each other with no restriction.


I have configured this:

access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
int fast 1
 ip access-group 100 out


but in this way, if users from 192.168.1.0 try to access the other 2 subnets, the return traffic will match access list 100, so subnet 192.168.1.0 is not able to access them.


Can u give me a solution please?


Thank U!

Correct Answer
acomiskey Thu, 07/31/2008 - 07:16

I assume int fast 1 is 192.168.1.x?


access-list 100 permit tcp any 192.168.1.0 0.0.0.255 established
access-list 100 permit ip 192.168.2.10 0.0.0.0 192.168.1.0 0.0.0.255
int fast 1
 ip access-group 100 out
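
The difference between the two access lists above, modelled in Python as an added example (not part of the thread and not Cisco code): it evaluates constructed packets leaving Fa1 against each list, treating `established` as the stateless ACK/RST flag match that IOS performs. The helper names and the sample hosts (192.168.1.20, 192.168.0.5, 192.168.2.11) are assumptions.

```python
from ipaddress import ip_address, ip_network

def wc(addr, wildcard):
    """Address + Cisco wildcard mask -> network (contiguous wildcards only)."""
    netmask = ip_address(int(ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ip_network(f"{addr}/{netmask}")

ANY = ip_network("0.0.0.0/0")
SECURE = wc("192.168.1.0", "0.0.0.255")

# Entries: (action, protocol, source, destination, needs 'established')
ASKER_ACL = [
    ("deny", "ip", wc("192.168.0.0", "0.0.0.255"), SECURE, False),
    ("deny", "ip", wc("192.168.2.0", "0.0.0.255"), SECURE, False),
    ("permit", "ip", ANY, ANY, False),
]
ANSWER_ACL = [
    ("permit", "tcp", ANY, SECURE, True),
    ("permit", "ip", wc("192.168.2.10", "0.0.0.0"), SECURE, False),
]

def evaluate(acl, proto, src, dst, flags=()):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, acl_proto, src_net, dst_net, established in acl:
        if acl_proto not in ("ip", proto):
            continue
        if ip_address(src) not in src_net or ip_address(dst) not in dst_net:
            continue
        # 'established' is stateless: it matches TCP segments with ACK or RST set
        if established and not {"ACK", "RST"} & set(flags):
            continue
        return action
    return "deny"

# Constructed packets leaving Fa1 toward the hypothetical host 192.168.1.20
PACKETS = {
    "new TCP session from 192.168.0.5": ("tcp", "192.168.0.5", ("SYN",)),
    "TCP reply from 192.168.0.5": ("tcp", "192.168.0.5", ("SYN", "ACK")),
    "new TCP session from 192.168.2.10": ("tcp", "192.168.2.10", ("SYN",)),
    "new TCP session from 192.168.2.11": ("tcp", "192.168.2.11", ("SYN",)),
    "UDP reply from 192.168.0.5": ("udp", "192.168.0.5", ()),
}

def compare():
    """Return {description: (asker's verdict, answer's verdict)}."""
    return {name: tuple(evaluate(acl, proto, src, "192.168.1.20", flags)
                        for acl in (ASKER_ACL, ANSWER_ACL))
            for name, (proto, src, flags) in PACKETS.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:36} asker={verdicts[0]:6} answer={verdicts[1]}")
```

The last case shows that only TCP return traffic is covered: replies to UDP or ICMP sent from 192.168.1.0/24 fall to the implicit deny.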

eplanchon Fri, 08/01/2008 - 10:09

Thanks.

How do you define 3 subnets using this router?

Do you need to do VLAN?


Spinu Viorel Fri, 08/01/2008 - 10:19

Yes... it is a little more complicated.

The subnets are connected via an HP switch with VLANs and I have an access-list on every subnet in the IN direction... but I was interested in the problem with returning traffic (if u read my first message)
