Cisco Support Community
New Member

an access-list question (basic)

Hi,

I have a 1700 series router with one WAN interface and one ETHERNET interface. The WAN interface connects to a T1 line and the ETHERNET interface to a switch (local LAN).

My objective is to implement an access-list that permits incoming access (from the internet) to my servers (database, application, etc.) only from select IPs, i.e., access to these servers is possible only from another network of ours (a different office) and not from anywhere else.

My question is, which would be the correct position to apply this access-list? Would it be at the WAN interface (inbound) or at the ETHERNET interface (outbound)? Since both will work (or so I assume), are there any advantages or disadvantages of having it at either of these locations?

Your feedback is very much appreciated.

Thank you, and have a wonderful year 2003!

3 REPLIES
Cisco Employee

Re: an access-list question (basic)

Hi,

It is a good practice to apply the ACL on the interface closest to the source of the traffic. The URL below gives some detailed info about the same:

http://www.cisco.com/warp/customer/707/confaccesslists.html

I would prefer applying the access-list on the inbound of the WAN interface and thus avoiding the router doing the processing of the packet and routing to the Ethernet interface where the packet eventually gets denied.

Regards,

Arul
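
The placement discussed above, written out as an IOS configuration. This is an added example, not part of the original thread or Cisco's documentation. The interface name `Serial0`, the ACL name `WAN-IN`, and all addresses (RFC 5737 documentation ranges) are constructed assumptions.

```ios
! Added example. Assumptions (not from the thread):
!   Serial0          = the T1 WAN interface
!   198.51.100.0/24  = the other office (constructed address range)
!   203.0.113.10/.11 = database and application servers (constructed)
!
ip access-list extended WAN-IN
 remark Other office may reach the servers
 permit ip 198.51.100.0 0.0.0.255 host 203.0.113.10
 permit ip 198.51.100.0 0.0.0.255 host 203.0.113.11
 remark Replies to TCP sessions opened from the LAN (ACK or RST set)
 permit tcp any any established
 remark Explicit final deny so rejected packets are counted and logged
 deny ip any any log
!
interface Serial0
 ip access-group WAN-IN in
!
! Why inbound on the WAN side rather than outbound on the Ethernet side:
!  - Denied packets are dropped before the routing lookup.
!  - An outbound ACL on the Ethernet interface does not see packets
!    addressed to the router itself, so the router's own addresses
!    would remain reachable from the internet. The inbound WAN ACL
!    covers both the servers and the router.
!
! Caveat: this ACL is stateless. The "established" entry only admits
! TCP replies; UDP and ICMP replies to LAN-initiated traffic need
! their own permit entries.
```

After applying it, `show access-lists WAN-IN` displays per-entry match counters, which confirm whether the other office's traffic hits the permit entries and what the final deny is dropping.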

New Member

Re: an access-list question (basic)

Thank you for your reply.

The URL you gave me asks for a username/password.

Cisco Employee

Re: an access-list question (basic)

Hi,

You can register at the URL below and then try to access the page.

http://tools.cisco.com/RPF/register/register.do

Regards,

Arul
