*Please look at the attached pic for a visual of the question*
I have two subnets:
192.168.1.0/24 - main network
192.168.10.0/24 - restricted App server
The 192.168.10.0 subnet only has one server on it (App) that needs very strict access to it. Only a handful of IPs from the 192.168.1.0 subnet are allowed to access the App server on specific ports. However, I need the App server to use 192.168.1.1 for DNS services.
I'm a bit confused as to how to write the ACL statements to allow this. Would it be:
permit udp host 192.168.10.1 host 192.168.1.1 eq 53
permit udp host 192.168.1.1 host 192.168.10.1 eq 53
I'm just confused about which is the 'source' and which is the 'destination'. I know this is an easy one so sorry for the simple question.
Your application server is starting the request, so it is the source, IMO, not the DNS server.
In terms of ACL, if you want to deny TCP from source 172.16.4.0 to destination 172.16.3.0 on port 21
then you write
deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
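An added example, not from either poster: a small evaluator for IOS-style extended ACL entries run against constructed packets for the DNS exchange in the question and the FTP example in the answer, which makes visible that `eq 53` binds to whichever address it follows, so the reply from 192.168.1.1 (which comes *from* port 53) needs `eq 53` after the source. It assumes Cisco extended-ACL syntax (`host`, `any`, address plus wildcard mask, optional `eq` after either address), first-match semantics and the implicit final deny; the packet values are made up.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")

def _ip(s):
    return int(ipaddress.ip_address(s))

def _parse_addr(t, i):
    """'host A' -> exact, 'any' -> all, 'A WILDCARD' -> Cisco wildcard (inverted) mask."""
    if t[i] == "host":
        return (_ip(t[i + 1]), 0), i + 2
    if t[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    return (_ip(t[i]), _ip(t[i + 1])), i + 2

def _parse_port(t, i):
    """Optional 'eq N' qualifier; it binds to the address parsed just before it."""
    return (int(t[i + 1]), i + 2) if i < len(t) and t[i] == "eq" else (None, i)

def parse_ace(line):
    """Parse 'permit|deny PROTO SRC [eq N] DST [eq N]' into its six fields."""
    t = line.split()
    src, i = _parse_addr(t, 2)
    sport, i = _parse_port(t, i)
    dst, i = _parse_addr(t, i)
    dport, _ = _parse_port(t, i)
    return t[0], t[1], src, sport, dst, dport

def _match(addr, spec):
    base, wildcard = spec  # bits set in the wildcard are "don't care"
    return (_ip(addr) | wildcard) == (base | wildcard)

def evaluate(acl_lines, pkt):
    """First matching entry wins; every IOS ACL ends with an implicit 'deny any'."""
    for action, proto, src, sport, dst, dport in map(parse_ace, acl_lines):
        if (proto in (pkt.proto, "ip") and _match(pkt.src, src) and _match(pkt.dst, dst)
                and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
            return action
    return "deny"

# Constructed sample traffic: the App server's DNS query and the DNS server's reply to it.
DNS_QUERY = Packet("udp", "192.168.10.1", 51234, "192.168.1.1", 53)
DNS_REPLY = Packet("udp", "192.168.1.1", 53, "192.168.10.1", 51234)
# App -> DNS: 'eq 53' follows the destination, the port the DNS server listens on.
ACL_FROM_APP = ["permit udp host 192.168.10.1 host 192.168.1.1 eq 53"]
# DNS -> App: 'eq 53' follows the SOURCE, since the reply comes from port 53 to an ephemeral port.
ACL_TO_APP = ["permit udp host 192.168.1.1 eq 53 host 192.168.10.1"]
# 'eq 53' after the destination names the App server's port instead, so the reply never matches.
ACL_TO_APP_WRONG = ["permit udp host 192.168.1.1 host 192.168.10.1 eq 53"]
```

Because these ACLs are stateless, the return entry has to be applied on the interface and in the direction the reply actually crosses; the TCP-only `established` shortcut does not help for UDP, so the reply line must be written out explicitly.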