Cisco Support Community
New Member

Access List

Hi, I'm a bit confused about making access lists. We have the following three VLANs:

Vlan100 NOC SL 100 192.168.12.0/24

Vlan200 QA SL 50 192.168.13.0/24

Vlan300 DEV SL 50 192.168.14.0/24

Vlan2 Out SL 0 *.*

Among all VLANs except Outside we are using NO NAT, meaning all VLAN 100, 200 and 300 network traffic is exempted. Now we come to the access list: by default NOC can access both VLAN 200 and VLAN 300 traffic, and I'm using PAT for all VLANs to access the Internet. QA and DEV VLANs can access the Internet without any problem, and NOC too, but I want to access one NOC machine, 192.168.12.20, from the QA and DEV VLANs, and when I make a rule for this, QA and DEV are not able to access the Internet. Can anyone help me? Thanks

  • Firewalling
1 ACCEPTED SOLUTION

Silver

Re: Access List

access-l test permit ip any host 192.168.12.20

access-l test deny ip any 192.168.12.0 255.255.255.0

access-l test permit ip any any

access-g test in interface QA

access-g test in interface DEV

Please rate if it helps.

Regards,

Sushil
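
How the three `test` entries from the answer above are walked top to bottom, with the first match deciding, shown as an added example that is not part of the original thread. Every sample address other than 192.168.12.20 is constructed, and the model covers only these `ip` entries (no ports, NAT or security levels); it also shows what happens if `permit ip any any` is moved to the top.

```python
import ipaddress

# The three entries of ACL "test" from the answer, in order ("any" = 0.0.0.0/0).
ACL_TEST = [
    ("permit", "0.0.0.0/0", "192.168.12.20/32"),  # permit ip any host 192.168.12.20
    ("deny",   "0.0.0.0/0", "192.168.12.0/24"),   # deny ip any 192.168.12.0 255.255.255.0
    ("permit", "0.0.0.0/0", "0.0.0.0/0"),         # permit ip any any
]

# Same entries with "permit ip any any" moved first: it now shadows the deny.
ACL_MISORDERED = [ACL_TEST[2], ACL_TEST[0], ACL_TEST[1]]

def evaluate(acl, src, dst):
    """Return (action, matching entry number) using first-match semantics.

    A packet that matches no entry falls through to the implicit deny,
    reported here as entry 0.
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for number, (action, src_net, dst_net) in enumerate(acl, start=1):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action, number
    return "deny", 0

# Constructed sample packets arriving on the QA and DEV interfaces.
SAMPLES = [
    ("192.168.13.10", "192.168.12.20"),  # QA  -> the one allowed NOC machine
    ("192.168.14.10", "192.168.12.20"),  # DEV -> the one allowed NOC machine
    ("192.168.13.10", "192.168.12.50"),  # QA  -> another NOC machine
    ("192.168.14.10", "203.0.113.5"),    # DEV -> an Internet address
]

def report(acl):
    """Evaluate every sample packet and return (src, dst, action, entry) rows."""
    return [(src, dst) + evaluate(acl, src, dst) for src, dst in SAMPLES]

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_TEST), ("misordered", ACL_MISORDERED)):
        print(name)
        for src, dst, action, number in report(acl):
            print(f"  {src:15} -> {dst:15} {action:6} (entry {number})")
```
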

7 REPLIES
New Member

Re: Access List

Hi Sushil, thanks for your reply.

access-l test permit ip any any

If I make this, then all DEV and QA users will be able to access all NOC machines. Can you please clarify one by one? Thanks

New Member

Re: Access List

ohhhh dear!!! got it now

Thanks

New Member

Re: Access List

Hi, what I want now is to give DEV and QA users access to the outside 80 and 443 ports, but for downloading e-mails, can I make an access list using the domain names pop.gmail.com and smtp.gmail.com instead of using an IP?

access-l test permit tcp any host pop/smtp.gmail.com eq 445

Is it possible??? Thanks

New Member

Re: Access List

??

Cisco Employee

Re: Access List

I am afraid you can't use a domain name in the ACL syntax.

New Member

Re: Access List

Thanks!!!
