This is the situation. We have a fixed list of external clients ( a.a.a.a,b.b.b.b,c.c.c.c) and we want them to access fixed servers ( 188.8.131.52 (10),184.108.40.206 (20), 220.127.116.11. (30) ) in the office. All these servers have a real world ip address which has been given to these external clients.
What I want to do is limit these users to these servers.
On the Serial line, i already have
access-list 100 permit tcp any host 18.104.22.168 eq 10
access-list 100 permit tcp any host 22.214.171.124 eq 20
access-list 100 permit tcp any host 126.96.36.199 eq 30
ip access-group 100 in
Now on the Ethernet Interface.
I want to tighten the security further by saying that the clients a.a.a.a, b.b.b.b,c.c.c.c can only get to 188.8.131.52 (10),184.108.40.206 (20), 220.127.116.11. (30).
First, if you aply access-list 100 only for external clients(aaa......) just only these clients can access your network, because you are not given permission to other clients, access-list 100 permit ip any any not included in the end of your access-list.
About the other access-list to interface ethernet, you don't need, because you are blocking in the interface serial.
so that it will not use up the cpu of the router too much. Then the implicit deny will deny all other users.
The access list 100 i wrote before means that all users will get past the serial interface, go through the router and then get stopped only as they pass through the ethernet interface. Is this correct?
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...