Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can anyone tell me what this says?

access-list 100 permit ip 192.168.231.0 0.0.0.255 192.168.230.0 0.0.0.255

access-list 110 deny ip 192.168.231.0 0.0.255 192.168.0.0 0.0.255.255

access-list 110 permit ip 192.168.231.0 0.0.255 any

access-list 120 permit ip any any

Can anyone expalin what exactly this says? Thanks.

1 REPLY
Cisco Employee

Re: Can anyone tell me what this says?

ACL 100 says permit ip from 192.168.231.0/24 to 192.168.230.0/24

ACL 110 says deny ip from 192.168.231.0/24 to 192.168.0.0/16, but then allow ip from 192.168.231.0/24 to anywhere else

ACL 120 obviously allows everything.

ACL 100 is probably a crypto ACL, in that it defines the traffic to be encrypted.

ACL 110 is probably a NAT ACL, in that it defines traffic to be NAT'd. Because you don't want to NAT the encrypted traffic, you deny it from being NAT'd with the first line, but NAT it if it's going anywhere else.

ACL 120 could be for anything.

109
Views
0
Helpful
1
Replies
CreatePlease to create content