ACL access

bkennedy32
Level 1

I have 2 subnets, 10.x and 1.x, with a router between them.

I have a PIX on the 1.x network that does the NATing for both the 10 and 1 networks to access the internet.

I want 2 computers from the 10.x network to be able to access the 1.x computers, but do not want the 1.x computers to access the 10.x computers.

Here is the access list that I have right now:

interface Ethernet0
ip address 192.168.1.254 255.255.255.0
ip access-group 100 out
no ip directed-broadcast
no ip proxy-arp
no cdp enable
!
interface Ethernet1
ip address 192.168.10.1 255.255.255.0
no ip directed-broadcast
no ip proxy-arp
no cdp enable
!
no ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1 permanent
logging buffered 4096 debugging
no logging console
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any host 192.168.1.1
access-list 100 permit ip any host 192.168.1.199
access-list 100 permit ip host 192.168.10.29 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.10.35 192.168.1.0 0.0.0.255
access-list 100 permit ip any 192.168.100.0 0.0.0.255
access-list 100 deny ip any 192.168.1.0 0.0.0.255
access-list 100 permit ip any any

I was thinking I need to create a 101 access-group to deny any INCOMING.

Any ideas?

Thanks

Bill

1 Reply

Marwan ALshawi
VIP Alumni

Try the following:

! extended ACL entries need the protocol keyword ("ip") before the source
access-list 101 permit ip host 192.168.10.29 192.168.1.0 0.0.0.255
access-list 101 permit ip host 192.168.10.35 192.168.1.0 0.0.0.255
access-list 101 deny ip any any
interface Ethernet 1
ip access-group 101 in

In this case only those IPs will be allowed to communicate with 1.x.

Good luck.

Please rate if helpful.
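To see what the question's ACL 100 (applied out on Ethernet0) and the reply's ACL 101 (applied in on Ethernet1) each filter, here is an added example that is not part of either post: a small Python model of IOS numbered-ACL evaluation (first match wins, implicit deny at the end, wildcard masks, stateless) run over a few constructed flows. The hosts 192.168.1.50 and 192.168.10.40 and the external address 203.0.113.10 are made up for the test; the interface layout (Ethernet0 toward 192.168.1.0/24 and the default route, Ethernet1 toward 192.168.10.0/24) is taken from the thread's configuration.

```python
# Added example: model of IOS numbered-ACL evaluation for the two ACLs in this thread.
# Not router code. It covers only what the page uses: protocol "ip", addresses given
# as "any" / "host A.B.C.D" / "A.B.C.D WILDCARD", first match wins, implicit deny.
import ipaddress


def _parse_addr(tokens, i):
    """Consume one address spec at tokens[i]; return ((base, wildcard), next_index)."""
    if tokens[i] == "any":
        return ("any", None), i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def parse_acl(text):
    """Parse 'access-list N permit|deny [ip] SRC DST' lines into (action, src, dst) tuples."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "access-list":
            continue
        action, i = tokens[2], 3
        if tokens[i] == "ip":  # the reply's first two lines omit the protocol keyword
            i += 1
        src, i = _parse_addr(tokens, i)
        dst, i = _parse_addr(tokens, i)
        entries.append((action, src, dst))
    return entries


def _matches(spec, addr):
    """IOS wildcard match: a 1 bit in the wildcard means 'don't care'."""
    base, wild = spec
    if base == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return (int(addr) & care) == (int(ipaddress.IPv4Address(base)) & care)


def evaluate(acl, src, dst):
    """First matching entry decides; no match falls through to the implicit deny."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for action, sspec, dspec in acl:
        if _matches(sspec, s) and _matches(dspec, d):
            return action
    return "deny"


# Topology from the thread: E1 faces 192.168.10.0/24; E0 faces 192.168.1.0/24 and
# carries the default route to 192.168.1.1 (the PIX side).
NET_E1 = ipaddress.ip_network("192.168.10.0/24")


def _iface(addr):
    """Interface on which an address is reached: E1 for 10.x, otherwise E0."""
    return "E1" if ipaddress.IPv4Address(addr) in NET_E1 else "E0"


def forward(src, dst, acls):
    """acls maps (interface, 'in'|'out') -> parsed ACL; returns the router's verdict."""
    ingress, egress = _iface(src), _iface(dst)
    for key in ((ingress, "in"), (egress, "out")):
        if key in acls and evaluate(acls[key], src, dst) == "deny":
            return "deny"
    return "permit"


ACL_100 = """
access-list 100 permit ip any host 192.168.1.1
access-list 100 permit ip any host 192.168.1.199
access-list 100 permit ip host 192.168.10.29 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.10.35 192.168.1.0 0.0.0.255
access-list 100 permit ip any 192.168.100.0 0.0.0.255
access-list 100 deny ip any 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
"""
ACL_101 = """
access-list 101 permit host 192.168.10.29 192.168.1.0 0.0.0.255
access-list 101 permit host 192.168.10.35 192.168.1.0 0.0.0.255
access-list 101 deny ip any any
"""

ORIGINAL = {("E0", "out"): parse_acl(ACL_100)}
PROPOSED = {("E0", "out"): parse_acl(ACL_100), ("E1", "in"): parse_acl(ACL_101)}

# Constructed flows: 192.168.1.50 and 192.168.10.40 are made-up hosts,
# 203.0.113.10 stands in for an internet address.
FLOWS = [
    ("192.168.10.29", "192.168.1.50"),  # listed 10.x host -> 1.x
    ("192.168.10.40", "192.168.1.50"),  # other 10.x host -> 1.x
    ("192.168.10.40", "203.0.113.10"),  # other 10.x host -> internet via the PIX
    ("192.168.1.50", "192.168.10.40"),  # 1.x host -> 10.x, what the question wants blocked
]


def compare(flows=FLOWS):
    """Verdict of each configuration for each flow."""
    return {f: {"original": forward(*f, ORIGINAL),
                "with 101 in": forward(*f, PROPOSED)} for f in flows}


if __name__ == "__main__":
    for (src, dst), verdicts in compare().items():
        print(f"{src:>15} -> {dst:<15} {verdicts}")
```

Two things the run makes visible. ACL 101 is evaluated only on packets entering Ethernet1, so it never sees traffic a 1.x host sends toward 10.x; a filter for that direction has to sit inbound on Ethernet0 or outbound on Ethernet1, and because these ACLs are stateless it also has to admit reply traffic (IOS's `established` keyword for TCP, or reflexive ACLs). And since 101 ends with `deny ip any any`, a 10.x host not in the list is also denied its path through the default route to the PIX, which the outbound ACL 100 alone still permitted.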
