
Access list

I have a request that a remote subnet is not allowed onto the rest of the corporate net but everybody else can get in.

Is this possible?

Something like:-

deny 172.16.40.0 0.0.0.255 any (where 172.16.40.0 is the remote net)

permit ip any any

Won't work, will it, as the packet on the way back would get blocked?

1 REPLY

Re: Access list

This idea can work. You have the opportunity to filter in the incoming or outgoing direction. As described here, this would be an incoming filter.

Traffic is only blocked in one direction. This will suffice to stop unwanted traffic flows.

Some tips:

- In these cases you preferably specify a destination range as well instead of the keyword: any.

- With an extended access-list the syntax is: deny IP 172.16.... You may specify tcp or udp instead but some protocol specification is required here.
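
A small Python model of the filter discussed in this thread, added here as an illustration and not posted by either participant: it evaluates the two ACL entries first-match with Cisco wildcard masks, for an ACL applied inbound on the interface facing 172.16.40.0. The corporate range 10.0.0.0/8, the sample host addresses and all function names are assumptions, and packets sourced from the remote net are assumed to arrive on that interface.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
REMOTE = ("172.16.40.0", "0.0.0.255")    # remote net from the post
CORP = ("10.0.0.0", "0.255.255.255")     # assumed corporate range, not from the page

# (action, source, destination); evaluated top-down, first match wins.
ACL_IN_FROM_REMOTE = [
    ("deny", REMOTE, CORP),
    ("permit", ANY, ANY),
]

def evaluate(acl, src, dst):
    for action, s, d in acl:
        if wc_match(src, *s) and wc_match(dst, *d):
            return action
    return "deny"  # implicit deny that ends every ACL

def packet_forwarded(src, dst):
    """The ACL is applied inbound on the interface facing the remote net,
    so only packets sourced from that side are evaluated."""
    if wc_match(src, *REMOTE):
        return evaluate(ACL_IN_FROM_REMOTE, src, dst) == "permit"
    return True  # arrives on another interface: this ACL is never consulted

def two_way_flow_works(a, b):
    """A conversation needs packets to be forwarded in both directions."""
    return packet_forwarded(a, b) and packet_forwarded(b, a)

if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    for src, dst in [("172.16.40.25", "10.1.2.3"), ("10.1.2.3", "172.16.40.25"),
                     ("172.16.40.25", "192.0.2.10"), ("192.168.5.9", "10.1.2.3")]:
        print(f"{src:>14} -> {dst:<14} forwarded={packet_forwarded(src, dst)}")
    print("remote <-> corp flow:", two_way_flow_works("10.1.2.3", "172.16.40.25"))
```

Because the deny entry names a destination range rather than `any`, traffic from the remote net to addresses outside the assumed corporate range still falls through to the permit entry.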
