Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access List??

We need to give an untrusted network access to only one server. They will not give us access to configure an access list on their router so we have to do it from our end.

WIll configuring an extended access list like

ip access-list 101 permit 192.178.0.0 0.0.255.255 host 172.240.1.10 and configured on all our MSFC and then applied to the vlan that the Server is on work. But then will this not deny all other network on the 172.x.x.x network. How do I go about doing this succesfully.?

We do not want the network 192.178.0.0 going anywhere else but to 172.240.1.10.

Thanks

1 REPLY
New Member

Re: Access List??

It sounds as though your best bet is to apply the access list to the interface that faces the untrusted network. Let in only traffic destined for 172.240.1.10 and deny anything else. All other traffic will be dropped at the ingress port. By the way, this is a better approach then putting the access list on their router. You want to be in control of your security!!!

95
Views
0
Helpful
1
Replies