Extended ACL for Two Hosts in DMZ

Answered Question
Mar 3rd, 2009
I need an extended ACL for two hosts (192.168.51.1 and 192.168.51.2) connected to a 2950, which is connected to G0/1 on my router (see attachment). I want local hosts on 192.168.50.0/24 and hosts from the internet to access these servers. I know there's a lot of other stuff that I need to configure (i.e. ports, destination hosts address), but this is just to start me off. Thanks in advance.



Correct Answer by Jon Marshall about 8 years 1 month ago

David


It's not entirely clear what you want. If you simply want an ACL that allows all IP from Internet and internal to those hosts then

access-list 101 permit ip any host 192.168.51.1
access-list 101 permit ip any host 192.168.51.2

int gi0/1
 ip access-group 101 out

Note you don't need to have the LAN address, i.e. 192.168.50.0/24, because you have to use a source address of any because of the Internet addresses.


Jon

Overall Rating: 5 (1 ratings)
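
An added example, not part of the answer or the original thread: a small Python model of IOS extended-ACL first-match evaluation, run over the two entries from the answer, showing that they permit every protocol and port to the two servers while the implicit deny drops anything else sent out Gi0/1. The second list (ACL number 102 and ports 443 and 25) is a constructed assumption for comparison, and the parser handles only `any`, `host`, contiguous wildcard masks and a destination `eq`.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list N ACTION PROTO SRC DST [eq PORT]' (destination port only)."""
    tok = line.split()
    ace = {"action": tok[2], "proto": tok[3], "port": None}
    i = 4
    for side in ("src", "dst"):
        if tok[i] == "any":
            ace[side], i = ipaddress.ip_network("0.0.0.0/0"), i + 1
        elif tok[i] == "host":
            ace[side], i = ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
        else:  # address followed by a contiguous wildcard mask, e.g. 0.0.0.255
            ace[side], i = ipaddress.ip_network(tok[i] + "/" + tok[i + 1]), i + 2
    if i < len(tok) and tok[i] == "eq":
        ace["port"] = int(tok[i + 1])
    return ace

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry; no match means implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue  # 'ip' matches every protocol
        if s not in ace["src"] or d not in ace["dst"]:
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"]
    return "deny"  # implicit 'deny ip any any' at the end of every ACL

# The two entries from the answer above.
ANSWER_ACL = [parse_ace(l) for l in (
    "access-list 101 permit ip any host 192.168.51.1",
    "access-list 101 permit ip any host 192.168.51.2",
)]
# Constructed tighter variant: ACL number 102 and the ports are assumptions.
NARROWED_ACL = [parse_ace(l) for l in (
    "access-list 102 permit tcp any host 192.168.51.1 eq 443",
    "access-list 102 permit tcp any host 192.168.51.2 eq 25",
)]

if __name__ == "__main__":
    # Constructed probe packets: (protocol, source, destination, destination port)
    probes = [("tcp", "203.0.113.7", "192.168.51.1", 443),
              ("tcp", "203.0.113.7", "192.168.51.1", 3389),
              ("icmp", "192.168.50.10", "192.168.51.2", None),
              ("tcp", "192.168.50.10", "192.168.51.3", 80)]
    for p in probes:
        print(p, "101:", evaluate(ANSWER_ACL, *p), "102:", evaluate(NARROWED_ACL, *p))
```
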
Jon Marshall Tue, 03/03/2009 - 18:51