access-list 101 remark --- VLAN hosts may reach the two DNS servers ---
access-list 101 permit ip 10.193.101.0 0.0.0.255 host 18.104.22.168
access-list 101 permit ip 10.193.101.0 0.0.0.255 host 22.214.171.124
access-list 101 remark --- block everything else toward the two internal /8 ranges ---
access-list 101 deny ip 10.193.101.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 deny ip 10.193.101.0 0.0.0.255 126.96.36.199 0.255.255.255
access-list 101 remark --- everything that is left (the web) is allowed ---
access-list 101 permit ip any any
I have applied this to a VLAN interface. My goal was to create a VLAN that would only have access to DNS and the web and block access to my internal network, which would be the 10.0.0.0 and the 188.8.131.52 networks. Once I applied this I found that I still have access to my internal network. Is there something wrong with my syntax? Any suggestions?
Change the last line to "access-list 101 permit ip any any log", enable logging on the router and add "logging buffered debug". Then test again, then "show log" to see why the traffic is being passed. The traffic you want blocked must be matching one of the permit statements in the list.
I did as suggested, and it seems that the deny statements aren't working.
I changed the order they came in and entered them first in the access list, and they still do not work. Why is this? As soon as the router finds a match it should exit the access-list and permit or deny the packet based on what it finds. Why isn't this happening in my case?
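To see what the posted list actually does to a packet, here is an added example (not from the thread) that evaluates the ACL exactly as written above with Cisco's first-match, wildcard-mask semantics in Python. The sample packets are constructed. The thread never shows the "ip access-group" line on the VLAN interface, so the last check, a reply packet flowing from the internal network back into the VLAN, is included on the assumption that direction is worth ruling out: a list applied "out" on the SVI only ever sees packets whose source is the internal network, none of which match the deny lines, so they fall through to the final permit.

```python
import ipaddress

# The ACL copied from the thread, addresses exactly as they appear on the page.
ACL_TEXT = """\
access-list 101 permit ip 10.193.101.0 0.0.0.255 host 18.104.22.168
access-list 101 permit ip 10.193.101.0 0.0.0.255 host 22.214.171.124
access-list 101 deny ip 10.193.101.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 deny ip 10.193.101.0 0.0.0.255 126.96.36.199 0.255.255.255
access-list 101 permit ip any any
"""


def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z'.

    Returns (address, wildcard, tokens_consumed) with the first two as ints.
    """
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, 1
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0, 2
    return (int(ipaddress.IPv4Address(tokens[0])),
            int(ipaddress.IPv4Address(tokens[1])), 2)


def parse_acl(text):
    """Turn 'access-list N permit|deny ip <src> <dst> [log]' lines into entries."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] == "remark":
            continue
        action, proto = t[2], t[3]
        src, src_wc, used = _parse_addr(t[4:])
        dst, dst_wc, _ = _parse_addr(t[4 + used:])
        entries.append((action, proto, src, src_wc, dst, dst_wc))
    return entries


def _matches(addr, wildcard, packet_addr):
    # Cisco wildcard mask: a 1 bit means "don't care", so compare only the 0 bits.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (packet_addr & care)


def evaluate(entries, src, dst):
    """First match wins; return (action, 1-based line number) or implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    for n, (action, _proto, a, a_wc, b, b_wc) in enumerate(entries, 1):
        if _matches(a, a_wc, s) and _matches(b, b_wc, d):
            return action, n
    return "deny", None  # the implicit deny at the end of every IOS ACL


ACL = parse_acl(ACL_TEXT)

# Constructed sample packets. The first four are what the list sees when it is
# applied "in" on the VLAN SVI (source is a VLAN host); the last one is what it
# sees if applied "out" (a reply from the internal network toward the VLAN).
SAMPLES = [
    ("10.193.101.5", "18.104.22.168"),  # DNS server   -> permit, line 1
    ("10.193.101.5", "10.1.1.1"),       # internal net -> deny,   line 3
    ("10.193.101.5", "126.5.5.5"),      # internal net -> deny,   line 4
    ("10.193.101.5", "8.8.8.8"),        # the web      -> permit, line 5
    ("10.1.1.1", "10.193.101.5"),       # reply, wrong direction -> permit, line 5
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        action, n = evaluate(ACL, src, dst)
        print(f"{src:>14} -> {dst:<16} {action:6} (line {n})")
```

Every packet sourced from the VLAN toward 10.0.0.0/8 hits line 3, so the list as written does block what the poster wanted when it is evaluated against VLAN-sourced traffic. On the router itself, "show ip access-lists 101" prints a per-line match counter next to each entry, and "show running-config interface vlan <n>" shows whether the list is applied "in" or "out"; if the deny counters stay at zero while the final permit climbs, the packets reaching the list are not the ones the deny lines describe.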