Access List

eviliunas · ‎06-08-2001

I have a access list set up: access-list 11 permit

x.x.1.0 0.0.0.255. Would I like to know is if I

need to apply the Access list to the interface as inbound or outbound.

I want to prevent anyone coming in from the Internet

to my Lan. I only have one network and only want that one in and out.

cbyrnes · ‎06-08-2001

You will need to apply more than 1 list in order to do what you want - if you apply your list on the ser port as out, you will not prevent in-bound traffic. If you apply it on the lan side, you would not prevent traffic from other networks. You might look into using NAT, which is quite easy to set up.

Search CCO for Access-list and/or NAT - there are some good write ups.

kasey.hohenbrink · ‎07-11-2001

try the following

outside interface

ip access-group 101 in

access-list 101 permit tcp any any established

access-list 101 deny ip any any log-input

you don't really need a access-group out if you don't worry about multiple inside

networks. The short list above will also allow you to hook up a workstation to the

router and debug the acl. simply log on to the console and then try to do a

transaction on the workstation (ie: open a website, or send email)