Re: ACLs on Cisco 2600

cacmk5 · ‎07-24-2008

Hello -

I have a 2600 router that separates two networks and I need to setup an ACL to allow traffic from 192.168.1.0/24 to two IP Addresses, 10.13.3.10 and 10.3.10.2. The rest of the network should be accessible from the 192.168.1.x net.

acomiskey · ‎07-24-2008

You statement is a little confusing. You want to allow the 192. network to 2 addresses on the 10. network. Then you say the rest of the network should be accessible from the 192. network. What are you denying?

cacmk5 · ‎07-24-2008

Sorry I meant the rest of the 10.x net shouldn't be accessible from the 192.x net

Jon Marshall · ‎07-24-2008

access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.13.3.10

access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.3.10.2

access-list 101 deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255

access-list 101 permit ip any any

Note - your 10.x.x.x addressing - i'm assuming from the addresses you used that the network is 10.0.0.0/8

There is a permit ip any any at the end to allow the 192.168.1.0/24 network to talk to other networks other than 10.0.0.0/8. You may or may not need this.

Then apply the access-list inbound on the interface connecting to 192.168.1.0/24 network

int fa0/0

ip access-group 101 in

Jon

cacmk5 · ‎07-24-2008

Thanks. I'll reply back and let you know how it goes.