I have a problem with an access-list. I have three different networks, one is (assuming IP, just for protection) 220.127.116.11, 18.104.22.168 and 22.214.171.124. So I have three routers, one at each network: R1, R2 and R3. I want network 126.96.36.199 to talk to 188.8.131.52, but it should NOT communicate with 184.108.40.206. Also 220.127.116.11 can talk to 18.104.22.168 but not to 22.214.171.124. So in R1 I configured the access-list the following way:
access-list 100 deny ip 126.96.36.199 0.0.0.252 188.8.131.52 0.0.0.252
access-list 100 permit ip any any
Then in interface fa0/0 I typed ip access-group 100 in. I also did the same thing on R3 and changed the IP address. It works fine, but I am not happy with the command permit any any. Is there another way to make this work? I tried replacing the permit ip any any with permit ip 184.108.40.206 0.0.0.252 220.127.116.11 0.0.0.252 but it does NOT work.
Any comments or suggestions are welcome.
Looking at your previous posting, why do you have the wild card mask set to 0.0.0.252?
Do you mean to include networks 18.104.22.168/24 - 22.214.171.124/24? If that's what you want then the WC you need to use is 0.0.252.255.
"Do you mean to include networks 126.96.36.199/24 - 188.8.131.52/24? If that's what you want then the WC you need to use is 0.0.252.255."
Perhaps you mean 0.0.3.255?
It works the way you said it, 0.255. So what I am trying to do is to access the routers from any network but restrict the networks so they can't communicate (184.108.40.206 can't talk to 220.127.116.11). That's why I had 252, because the router IP is .253.
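
Added example, not part of any poster's message: a small Python model of how IOS matches a wildcard mask and walks an extended ACL top-down to the implicit deny, applied to the masks discussed in this thread. The 10.1.x.0/24 networks, the .253 router address and the ACL entries are constructed for illustration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wc_match(addr, base, wildcard):
    """Cisco wildcard mask: 1 bits are ignored, 0 bits must equal the base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match hits the implicit deny."""
    for action, s_base, s_wc, d_base, d_wc in acl:
        if wc_match(src, s_base, s_wc) and wc_match(dst, d_base, d_wc):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL

ANY = ("0.0.0.0", "255.255.255.255")
# Constructed networks: 10.1.1.0/24 (source LAN), 10.1.2.0/24 (allowed),
# 10.1.3.0/24 (blocked); the router sits on .253.
DENY_BLOCKED = ("deny", "10.1.1.0", "0.0.0.255", "10.1.3.0", "0.0.0.255")
ACL_OPEN = [DENY_BLOCKED, ("permit", *ANY, *ANY)]
ACL_TIGHT = [DENY_BLOCKED,
             ("permit", "10.1.1.0", "0.0.0.255", "10.1.2.0", "0.0.0.255"),
             ("permit", "10.1.1.0", "0.0.0.255", "10.1.1.253", "0.0.0.0")]

def third_octets(wildcard):
    """Which 10.1.X.0 networks an entry '10.1.0.0 <wildcard>' covers."""
    return [x for x in range(256)
            if wc_match(f"10.1.{x}.1", "10.1.0.0", wildcard)]

if __name__ == "__main__":
    # 0.0.0.252 only fixes the low two bits of the last octet.
    for host in ("10.1.1.4", "10.1.1.5", "10.1.1.253"):
        print(host, "matched by 0.0.0.252:",
              wc_match(host, "10.1.1.0", "0.0.0.252"))
    print("0.0.3.255 covers 10.1.X.0 for X in", third_octets("0.0.3.255"))
    print("0.0.252.255 covers X in", third_octets("0.0.252.255")[:5], "...")
    for dst in ("10.1.2.10", "10.1.3.10", "10.1.1.253", "10.9.9.9"):
        print(dst, "open:", evaluate(ACL_OPEN, "10.1.1.10", dst),
              "tight:", evaluate(ACL_TIGHT, "10.1.1.10", dst))
```

With the explicit permits in ACL_TIGHT, anything not listed (10.9.9.9 here) is dropped by the implicit deny, so every flow that must keep working, including access to the router itself, needs its own permit line.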