I want to grant an outside network access to a particular port on an IP address on my network. I entered the line below on my ACL yesterday then went home to see if my IP address was allowed. It was. I was expecting to be denied. I'm back to square one. The 1st IP address is the remote network. The 2nd one is my network's IP address. Any ideas? (The IP addresses below are not actual.)
Pls correct me if I've read your post incorrectly, you say you want to grant access to the inside interface from a remote network but then you imply that you wanted to see this as denied?
1. Your ACL looks okay - but which interface have configured it to, inside/outside?
2. If want to give the remote IP access only to the inside IP/port and if you have NAT/PAT applied then you'll require a static translation on your pix (I presume you are using a pix or are you doing this on router?)
Thank You for your reply. I did actually fail to mention that this change is being made on a Cisco 1600R router and not a PIX. I tried to access the resource on that TCP/IP address and port last night and I was able to access it. The desired result is to be denied access unless I have the specific IP address in the entry. This is on the Serial sub interface.
Thanks for the link in your last post. I reviewed the information and it shed some light on my issue. Before I make any further changes I would like to see if you answer a question that I have about my ACL. I have replaced the actual IP addresses with fictional ones. I always test the integrity of an ACL by relating the incoming traffic to a marble dropping through each line. Now when the marble drops into this ACL at lines 3 - 6 it is basically granted access to everything right? The following lines really have no bearing once that access is attained. Is that correct? If I remove lines 3-6 or relocate them to the bottom will my ACL do you think that I will get the desired result or will all incoming traffic be denied?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :