Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Applying ACL on Serial interface in "IN" direction

Hi,

I am trying to apply extended access-list on serial interface in the IN direction allowing only a certain network on the remote side to access a single host in my network, but the problem which I am facing is that all my outgoing traffic is getting blocked. What can be the probable reason for this. Please help me out of this.

Thanking you

Salim

3 REPLIES

Re: Applying ACL on Serial interface in "IN" direction

The problem could be with your inbound access-list blocking all your return traffic. Note that an ACL has an implicit deny at the end. So you need to deny all specific things you want to deny FIRST and then at the END, specify a permit any to permit the rest of the traffic.

Your ACL should look like this.

access-list 101 deny ip host

access-list 101 permit ip any any

where x.x.x.x is the host in your local network.

y.y.y.y is the network address of the remote side

z.z.z.z is the wild card mask matching y.y.y.y

The last line is needed to permit the return traffic (for your outgoing traffic).

Check if you have this statement on your ACL.

Re: Applying ACL on Serial interface in "IN" direction

Hi, I agree with Shanky but I think the ACL is easier to build following way:

access-list 101 permit ip host

access-list 101 deny ip any host

access-list 101 permit ip any any

When you apply it as inbound ACL on your serial interface:

The first line allows network with wildcard connect to host .

The second line denies any other IP address to connect to host .

Regards,

Milan

New Member

Re: Applying ACL on Serial interface in "IN" direction

Hi,

Thanks for the solution it worked perfectly.

Regards

Salim

455
Views
0
Helpful
3
Replies
CreatePlease login to create content