Applying access-list alternative !

Unanswered Question
Jul 22nd, 2009

Hi all. Kindly consider my following access-list that I want to apply on my branch router:

access-list 111 per ip ho host

access-list 111 per ip ho host

access-list per ip ho host

Now this should be the overall flow in the branch. Meaning, should be able to talk only to and vice versa, same for all 2 statements. No other communication should be allowed. I was thinking of applying it in the outbound direction and then creating another access-list which will be an exact mirror of it and then applying it inbound. But I was looking for a much better way of applying it, such that I can apply it only once and bi-directional traffic is allowed just between these IPs.

How is it possible?

glen.grant Wed, 07/22/2009 - 03:22

You would apply it inbound on the L3 interface that does the routing for the 10.1.56.X subnet. This would take care of the flows. The way you have it now, you would only have traffic from those 3 IPs, as there is an implied deny all at the end of the ACL.
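
An added example, not part of the thread: a small Python model of a router with one ACL applied inbound on the LAN-facing L3 interface only, showing why a single ACL is enough for the permitted pairs and what it does not filter. The host addresses (10.1.56.10-12 and 192.0.2.10-12), the interface names and all function names are constructed for illustration, because the original ACL entries lost their addresses.

```python
# Constructed stand-in for ACL 111: each tuple models
# "access-list 111 permit ip host <src> host <dst>".
ACL_111 = [
    ("10.1.56.10", "192.0.2.10"),
    ("10.1.56.11", "192.0.2.11"),
    ("10.1.56.12", "192.0.2.12"),
]


def acl_permits(acl, src, dst):
    """First match wins; falling off the end is the implicit deny."""
    for permit_src, permit_dst in acl:
        if src == permit_src and dst == permit_dst:
            return True
    return False


def router_forwards(in_if, src, dst):
    """Model: ACL 111 is applied inbound on the 'lan' interface only.

    Packets arriving on 'wan' are not checked by any ACL in this model.
    """
    if in_if == "lan":
        return acl_permits(ACL_111, src, dst)
    return True


def two_way(local, remote):
    """A conversation works only if both directions are forwarded."""
    return (router_forwards("lan", local, remote)
            and router_forwards("wan", remote, local))


if __name__ == "__main__":
    # Permitted pair: both directions pass with the single inbound ACL.
    print(two_way("10.1.56.10", "192.0.2.10"))
    # Wrong pairing or unlisted local host: implicit deny on the LAN side.
    print(two_way("10.1.56.10", "192.0.2.11"))
    print(two_way("10.1.56.50", "192.0.2.10"))
    # Caveat: a packet from any remote source still reaches the LAN,
    # because nothing filters the WAN side; only the reply is dropped.
    print(router_forwards("wan", "192.0.2.99", "10.1.56.10"))
```

Blocking unsolicited packets from the remote side as well requires a second, mirrored ACL inbound on the WAN-facing interface, as the original question describes.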
