07-31-2008 06:57 AM - edited 03-12-2019 05:57 PM
Hello,
I have a router. I connected 3 port so I have 3 subnets:
192.168.0.0/24 Fa0, 192.168.1.0/24 Fa1, and 192.168.2.0/24 Fa2
Now, I need to do:
Subnet 192.168.1.0 is the most secure so nobody should access it, except one host from 192.168.2.0 subnet(192.168.2.10), but users from 192.168.1.0 should access both 0.0 and 2.0 subnets.
Subnets 192.168.0.0 and 192.168.2.0 should access each otherwith no restriction.
I have configured this:
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
int fast 1
access-group 100 out
but in this way if users from 192.168.1.0 try to access the other 2 subnet, the return trafic will match the access list 100 so subnet 192.168.1.0 is not able to access them.
Can u give me a solution please?
Thank U!
Solved! Go to Solution.
07-31-2008 07:16 AM
I assume int fast 1 is 192.168.1.x?
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 established
access-list 100 permit ip 192.168.2.10 0.0.0.0 192.168.1.0 0.0.0.255
int fast 1
access-group 100 out
07-31-2008 07:16 AM
I assume int fast 1 is 192.168.1.x?
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 established
access-list 100 permit ip 192.168.2.10 0.0.0.0 192.168.1.0 0.0.0.255
int fast 1
access-group 100 out
08-01-2008 04:53 AM
yes, you assumed right and it is working
thanks a lot
08-01-2008 07:12 AM
What kind of router do you have?
08-01-2008 09:53 AM
cisco 1812
08-01-2008 10:09 AM
Thanks.
How do you define 3 subnets using this router?
Do you need to do VLAN?
08-01-2008 10:19 AM
yes...it is a little more complicated.
the subnets are connected via a switch HP with VLANS and I have access-list on every every subnet IN direction...but I was intrested in the problem with returning traffic (if u read my firs message)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: