07-24-2008 12:11 PM - edited 03-11-2019 06:19 AM
Hello -
I have a 2600 router that separates two networks and I need to set up an ACL to allow traffic from 192.168.1.0/24 to two IP addresses, 10.13.3.10 and 10.3.10.2. The rest of the network should be accessible from the 192.168.1.x net.
07-24-2008 12:25 PM
Your statement is a little confusing. You want to allow the 192. network to 2 addresses on the 10. network. Then you say the rest of the network should be accessible from the 192. network. What are you denying?
07-24-2008 12:31 PM
Sorry, I meant the rest of the 10.x net shouldn't be accessible from the 192.x net.
07-24-2008 12:45 PM
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.13.3.10
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.3.10.2
access-list 101 deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip any any
Note - your 10.x.x.x addressing - I'm assuming from the addresses you used that the network is 10.0.0.0/8.
There is a permit ip any any at the end to allow the 192.168.1.0/24 network to talk to other networks other than 10.0.0.0/8. You may or may not need this.
Then apply the access-list inbound on the interface connecting to the 192.168.1.0/24 network:
int fa0/0
ip access-group 101 in
Jon
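Added example, not part of the original thread: a small Python model of first-match evaluation over the ACL 101 posted above, useful for checking the rule order before applying it. It handles only the `permit|deny ip` form with `any`, `host` and wildcard-mask addresses; the function names and the sample packets are constructed for illustration.

```python
import ipaddress

# ACL 101 exactly as posted in the answer above.
ACL_101 = """\
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.13.3.10
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 10.3.10.2
access-list 101 deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip any any
"""

def _take_addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD) -> (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return int(ipaddress.IPv4Address(head)), wildcard

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered entries."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # this sketch handles only the 'ip' form used in the thread
        action, rest = tokens[2], tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        entries.append((action, src, dst, line))
    return entries

def _matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return (int(ipaddress.IPv4Address(addr)) ^ base) & ~wildcard & 0xFFFFFFFF == 0

def evaluate(entries, src, dst):
    """Return (action, matching line); first match wins, implicit deny at the end."""
    for action, s, d, line in entries:
        if _matches(src, s) and _matches(dst, d):
            return action, line
    return "deny", "implicit deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_101)
    # Constructed sample packets (source, destination).
    for src, dst in [("192.168.1.50", "10.13.3.10"), ("192.168.1.50", "10.3.10.2"),
                     ("192.168.1.50", "10.13.3.11"), ("192.168.1.50", "172.16.5.5")]:
        print(src, "->", dst, evaluate(acl, src, dst))
```

Moving the deny entry above the two host permits makes both hosts unreachable, and dropping the final `permit ip any any` blocks every non-10.x destination through the implicit deny.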
07-24-2008 12:51 PM
Thanks. I'll reply back and let you know how it goes.