Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
564
Views
0
Helpful
3
Replies

ACL Between 2851 and Consumer Netgear

Go to solution
Jeff
Level 1
Level 1

‎01-28-2014 11:06 PM - last edited on ‎03-25-2019 03:41 PM by Community Manager

Hello All,

I have a very elementary ACL question, but for the life of me I can not get it to work.  My home lab scenario is this;

I have a specific computer (SERVER A) on my 192.168.20.x network, and I do not want it to be able to access the Internet, which is accessible through my consumer Netgear router at 192.168.0.1.  In between the 192.168.20.x network and the 192.168.0.x network is a Cisco 2851. The 2851 has the default static route set to 192.168.0.1, the address of the Netgear router. However, both networks need to be able to communicate with the server internally.  Below is a sketch of the network. 

SERVER A -------- (INT GI0/1 ------INT GI0/0) ----------------(NETGEAR ROUTER 192.168.0.1)-----------INTERNET

                                   2851 ROUTER

   deny tcp host 192.168.20.20 host 192.168.0.1

   deny ip host 192.168.20.20 host 192.168.0.1

   permit ip any any

I figured I probably needed to apply it to the gi0/0 interface since the routing process would be sending it out that interface, however neither direction is blocking the attempt to access the Internet. 

Any suggestions is greatly appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎01-28-2014 11:19 PM

HI,

ip access-list extended NO-INTERNET

permit ip  192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255

deny ip host 192.168.20.20 any

permit ip any any

int g0/1

ip access-group NO-INTERNET in

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
kcnajaf
Level 7
Level 7

‎01-28-2014 11:17 PM

Hi Jeffrey,

The default gateway address on the server/PC is the ip address on the interface Gi0/1..right?

If that is the case try applying above ACL on Gi0/1 in inbound direction.

Hope that helps.

Regards

Najaf

Please rate when applicable or helpful !!!

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎01-28-2014 11:19 PM

HI,

ip access-list extended NO-INTERNET

permit ip  192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255

deny ip host 192.168.20.20 any

permit ip any any

int g0/1

ip access-group NO-INTERNET in

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
Jeff
Level 1
Level 1
In response to cadet alain

‎01-29-2014 09:18 PM

Thanks guys, Cadet Alain's config did the trick. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card