I'm learning as I go with configuring Cisco routers so please excuse my very basic questions.
I have two networks (172.16.0.0 and 172.17.0.0). I need to be able to have the traffic from the 172.16 network access systems on the 172.17 network, but the 172.17 network should NOT be able to get to anything on the 172.16 network except for 1 server on one specific port. Please see my access-lists:
access-list 120 permit tcp 172.17.0.0 0.0.0.255 host 172.16.1.7 eq 15871
access-list 120 deny ip 172.17.0.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 120 deny ip 172.17.0.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 120 deny ip 172.17.0.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 120 permit ip any any
My feeling is the third deny statement is causing the problem.
So my first question is, are the statements bi-directional?
Someone else configured this router. Should each ACL have a different #? I ask because when I issue a NO ACCESS-LIST 120 deny ip 172.17.0.0 0.0.0.255 172.16.0.0 0.15.255.255 it removes all of the 120 ACLs.
Any help or suggestions on what the ACLs should be would be HUGELY appreciated!
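To see how access-list 120 as posted actually treats packets, here is an added Python evaluator (not from the post or from Cisco IOS) that reproduces the first-match, wildcard-mask semantics of the five entries plus the implicit trailing deny, and runs constructed packets through it in both directions.

```python
import ipaddress

# Constructed transcription of the five access-list 120 entries from the post:
# (action, protocol, src base, src wildcard, dst base, dst wildcard, dst port)
ACL_120 = [
    ("permit", "tcp", "172.17.0.0", "0.0.0.255", "172.16.1.7", "0.0.0.0", 15871),
    ("deny", "ip", "172.17.0.0", "0.0.0.255", "10.0.0.0", "0.255.255.255", None),
    ("deny", "ip", "172.17.0.0", "0.0.0.255", "172.16.0.0", "0.15.255.255", None),
    ("deny", "ip", "172.17.0.0", "0.0.0.255", "192.168.0.0", "0.0.255.255", None),
    ("permit", "ip", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", None),
]


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match the base, a 1 bit is 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, src, dst, proto, dport=None):
    """Return (action, entry number) of the first matching entry, top to bottom.
    Each packet is judged on its own: the ACL keeps no connection state, so a
    reply is matched by its own source/destination. No match -> implicit deny (0).
    """
    for n, (action, aproto, sb, sw, db, dw, aport) in enumerate(acl, 1):
        if aproto != "ip" and aproto != proto:
            continue
        if not (wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)):
            continue
        if aport is not None and aport != dport:
            continue
        return action, n
    return "deny", 0


if __name__ == "__main__":
    # Constructed sample packets: (description, src, dst, proto, dst port).
    samples = [
        ("172.17 host to the allowed server/port", "172.17.0.5", "172.16.1.7", "tcp", 15871),
        ("172.17 host to that server, other port", "172.17.0.5", "172.16.1.7", "tcp", 22),
        ("172.16 client opening a session to 172.17", "172.16.0.20", "172.17.0.5", "tcp", 445),
        ("the reply packet of that session", "172.17.0.5", "172.16.0.20", "tcp", 50000),
        ("172.17.5.x host, outside 172.17.0.0 0.0.0.255", "172.17.5.1", "172.16.0.20", "tcp", 22),
    ]
    for desc, src, dst, proto, dport in samples:
        action, n = evaluate(ACL_120, src, dst, proto, dport)
        print(f"{desc}: {action} (entry {n})")
```

The fourth and fifth samples are the ones worth studying: the reply to a 172.16-initiated session is itself a 172.17-sourced packet and hits entry 3, and the wildcard 0.0.0.255 covers only 172.17.0.0 through 172.17.0.255, not the whole 172.17.0.0 network.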