Access List

Answered Question
Oct 14th, 2008

Hi, I'm a bit confused about making access lists. We have the following three VLANs:

Vlan100 NOC SL 100 192.168.12.0/24

Vlan200 QA SL 50 192.168.13.0/24

Vlan300 DEV SL 50 192.168.14.0/24

Vlan2 Out SL 0 *.*

Among all VLANs except Outside we are using NO NAT, meaning all VLAN 100, 200 and 300 network traffic is exempted. Now we come to the access list: by default NOC can access both VLAN 200 and 300 traffic, and I'm using PAT for all VLANs to access the internet. The QA and DEV VLANs can access the internet without any problem, and NOC too, but I want to access one NOC machine, 192.168.12.20, from the QA and DEV VLANs, and when I make a rule for this, QA and DEV are not able to access the Internet. Can anyone help me... Thanks

Correct Answer
suschoud Tue, 10/14/2008 - 09:47

access-l test permit ip any host 192.168.12.20

access-l test deny ip any 192.168.12.0 255.255.255.0

access-l test permit ip any any

access-g test in interface QA

access-g test in interface DEV

Please rate if helps.

Regards,

Sushil
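
The three lines posted above are evaluated top-down and the first match decides, with an implicit deny after the last line. The following is an added example, not part of the original thread and not ASA code: a simplified IP-only evaluator run over those entries. The host addresses in the flows and the single-rule ACL are constructed assumptions for illustration.

```python
# Added example: first-match evaluation of the ACL from the answer above.
# Simplified model (IP-only entries, no ports or interfaces), not ASA code.
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

def ace(action, src, dst):
    """Build one access-control entry; each side is 'any' or a CIDR string."""
    net = lambda s: ANY if s == "any" else ip_network(s)
    return (action, net(src), net(dst))

# The three entries from the answer, in the same order.
ACL_TEST = [
    ace("permit", "any", "192.168.12.20/32"),  # permit ip any host 192.168.12.20
    ace("deny",   "any", "192.168.12.0/24"),   # deny ip any 192.168.12.0 255.255.255.0
    ace("permit", "any", "any"),               # permit ip any any
]

# Assumption: an ACL holding only the host permit, to show the implicit deny.
ACL_SINGLE_RULE = ACL_TEST[:1]

def evaluate(acl, src, dst):
    """Return (action, matching line number); line 0 means the implicit deny."""
    s, d = ip_address(src), ip_address(dst)
    for n, (action, src_net, dst_net) in enumerate(acl, start=1):
        if s in src_net and d in dst_net:
            return action, n   # first match wins; later lines are not consulted
    return "deny", 0           # nothing matched: implicit deny ends every ACL

# Constructed flows: host addresses are made up inside the page's subnets;
# 203.0.113.10 is a documentation address standing in for an Internet host.
FLOWS = {
    "QA -> NOC host .20":    ("192.168.13.5", "192.168.12.20"),
    "DEV -> other NOC host": ("192.168.14.7", "192.168.12.30"),
    "QA -> Internet":        ("192.168.13.5", "203.0.113.10"),
}

def report(acl):
    """Evaluate every sample flow against one ACL."""
    return {name: evaluate(acl, s, d) for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("three-line ACL", ACL_TEST), ("single-rule ACL", ACL_SINGLE_RULE)):
        print(label)
        for name, (action, line) in report(acl).items():
            print(f"  {name:24} {action:6} (line {line or 'implicit deny'})")
```
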

ray_stone Tue, 10/14/2008 - 09:55

Hi Sushil, thanks for your reply.

access-l test permit ip any any

If I make this, then all DEV and QA users will be able to access all NOC machines. Can you please clarify one by one? Thanks

ray_stone Thu, 10/16/2008 - 22:01

Hi, now what I want is to give the DEV and QA users access to the outside 80 and 443 ports, but for downloading e-mails, can I make an access list using the domain names pop.gmail.com and smtp.gmail.com instead of using an IP?

access-l test permit tcp any host pop/smtp.gmail.com eq 445

Is it possible??? Thanks

abinjola Fri, 10/17/2008 - 01:02

I am afraid you can't use a domain name in the ACL syntax.
