06-08-2001 08:03 AM - edited 02-20-2020 09:15 PM
I have a access list set up: access-list 11 permit
x.x.1.0 0.0.0.255. Would I like to know is if I
need to apply the Access list to the interface as inbound or outbound.
I want to prevent anyone coming in from the Internet
to my Lan. I only have one network and only want that one in and out.
06-08-2001 09:19 AM
You will need to apply more than 1 list in order to do what you want - if you apply your list on the ser port as out, you will not prevent in-bound traffic. If you apply it on the lan side, you would not prevent traffic from other networks. You might look into using NAT, which is quite easy to set up.
Search CCO for Access-list and/or NAT - there are some good write ups.
07-11-2001 12:01 PM
try the following
outside interface
ip access-group 101 in
access-list 101 permit tcp any any established
access-list 101 deny ip any any log-input
you don't really need a access-group out if you don't worry about multiple inside
networks. The short list above will also allow you to hook up a workstation to the
router and debug the acl. simply log on to the console and then try to do a
transaction on the workstation (ie: open a website, or send email)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide