Applying access-list alternative!

Unanswered Question
Jul 22nd, 2009

Hi all. Kindly consider the following access-list that I want to apply on my branch router:

access-list 111 permit ip host 10.1.56.1 host 10.1.4.56
access-list 111 permit ip host 10.1.56.2 host 10.1.3.6
access-list 111 permit ip host 10.1.56.9 host 10.1.47.69

Now this should be the overall flow in the branch. That means 10.1.56.1 should be able to talk only to 10.1.4.56 and vice versa, and the same for the other two statements. No other communication should be allowed. I was thinking of applying it in the outbound direction, then creating another access-list that is the exact mirror of it and applying that one inbound. But I was looking for a better way of applying it, so that I apply it only once and bi-directional traffic is allowed just between these IPs.

How is this possible?

glen.grant Wed, 07/22/2009 - 03:22

You would apply it inbound on the L3 interface that does the routing for the 10.1.56.X subnet. This would take care of the flows. The way you have it now, you would only have traffic from those 3 IPs, as there is an implied deny all at the end of the ACL.
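To see why binding the one ACL inbound on the LAN-side interface works, and what it does and does not filter compared with the outbound-plus-mirror plan from the question, here is an added example that is not part of the thread: a small Python model of a two-interface branch router with IOS ACL semantics (first matching entry wins, implicit deny at the end, inbound ACLs checked on the arrival interface before routing, outbound ACLs on the exit interface after routing). The interface names "lan"/"wan", the extra branch host 10.1.56.3, the third-party host 10.1.99.9 and the assumption that the question's mirror design is bound on the WAN interface are all constructed for illustration.

```python
"""Model of a Cisco-style extended ACL under two different bindings.

Added example, not code from the thread. Assumptions: a two-interface branch
router ("lan" routes 10.1.56.0/24, everything else is "wan"); only
"permit ip host A host B" entries are modelled, as in the question.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Entry:
    action: str  # "permit" or "deny"
    src: str     # host address
    dst: str     # host address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    arrives_on: str  # "lan" (10.1.56.0/24 side) or "wan"


# The three entries from the question, i.e.
#   access-list 111 permit ip host 10.1.56.1 host 10.1.4.56  (and so on)
ACL_111: List[Entry] = [
    Entry("permit", "10.1.56.1", "10.1.4.56"),
    Entry("permit", "10.1.56.2", "10.1.3.6"),
    Entry("permit", "10.1.56.9", "10.1.47.69"),
]

Bindings = Dict[Tuple[str, str], List[Entry]]  # (interface, "in"/"out") -> ACL


def evaluate(acl: List[Entry], src: str, dst: str) -> str:
    """IOS ACL evaluation: the first matching entry decides; no match = implicit deny."""
    for entry in acl:
        if entry.src == src and entry.dst == dst:
            return entry.action
    return "deny"  # the implied "deny ip any any" at the end of every ACL


def mirror(acl: List[Entry]) -> List[Entry]:
    """The 'exact mirror' ACL the question proposes: swap source and destination."""
    return [Entry(e.action, e.dst, e.src) for e in acl]


def forwarded(packet: Packet, bindings: Bindings) -> bool:
    """True if the router forwards the packet under the given ACL bindings."""
    ingress = packet.arrives_on
    egress = "wan" if ingress == "lan" else "lan"  # assumption: two interfaces only
    acl_in: Optional[List[Entry]] = bindings.get((ingress, "in"))
    if acl_in is not None and evaluate(acl_in, packet.src, packet.dst) == "deny":
        return False  # dropped on arrival, before routing
    acl_out: Optional[List[Entry]] = bindings.get((egress, "out"))
    if acl_out is not None and evaluate(acl_out, packet.src, packet.dst) == "deny":
        return False  # dropped on the exit interface, after routing
    return True


# Design from the reply: ACL 111 inbound on the L3 interface that routes 10.1.56.0/24
# (in IOS terms, "ip access-group 111 in" under that interface).
SINGLE_IN_ON_LAN: Bindings = {("lan", "in"): ACL_111}

# Design from the question, assumed to be bound on the WAN interface:
# ACL 111 outbound plus its mirror inbound.
MIRROR_ON_WAN: Bindings = {("wan", "out"): ACL_111, ("wan", "in"): mirror(ACL_111)}

# Constructed test traffic covering both directions and the unsolicited case.
SCENARIOS: Dict[str, Packet] = {
    "allowed pair, branch -> remote":    Packet("10.1.56.1", "10.1.4.56", "lan"),
    "allowed pair, remote -> branch":    Packet("10.1.4.56", "10.1.56.1", "wan"),
    "wrong pairing, branch -> remote":   Packet("10.1.56.1", "10.1.3.6", "lan"),
    "other branch host -> remote":       Packet("10.1.56.3", "10.1.4.56", "lan"),
    "unsolicited third party -> branch": Packet("10.1.99.9", "10.1.56.1", "wan"),
    "branch reply -> third party":       Packet("10.1.56.1", "10.1.99.9", "lan"),
}


def classify(bindings: Bindings) -> Dict[str, bool]:
    """Forwarding decision for every scenario under one set of bindings."""
    return {name: forwarded(pkt, bindings) for name, pkt in SCENARIOS.items()}


if __name__ == "__main__":
    for label, design in (("single ACL inbound on LAN", SINGLE_IN_ON_LAN),
                          ("ACL outbound + mirror inbound on WAN", MIRROR_ON_WAN)):
        print(label)
        for name, ok in classify(design).items():
            print(f"  {'permit' if ok else 'drop  '}  {name}")
```

Running it shows the two designs agree on everything the branch hosts initiate: only the three listed pairs get out, and their replies come back because no ACL sits in that return path. They differ on unsolicited traffic from elsewhere: with the single inbound ACL on the LAN interface, a packet from 10.1.99.9 to 10.1.56.1 still reaches the host and only the reply is dropped, whereas the mirror ACL inbound on the WAN side drops the unsolicited packet itself. If that difference matters, keep the mirror (or use a stateful IOS feature such as a reflexive ACL or the zone-based firewall). Neither design touches traffic between two hosts on the 10.1.56.0/24 segment, since that never crosses the router.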
