Cisco 2901 access-list block - HELP

Outside Customer Router

GigabitEthernet0/0         192.168.0.1     YES manual up                    up
GigabitEthernet0/1         10.10.100.11    YES manual up                    up

Internal Router

GigabitEthernet0/0         192.168.0.2     YES manual up                    up
GigabitEthernet0/1         172.16.201.1    YES manual up                    up

External host ip:  10.10.100.110
Internal host ip:  172.16.201.110

Here is my issue:

deny all inside-to-outside traffic

permit external host access to internal host but BLOCK everything else

My attempt on blocking ACL does not work.

access-list 110 deny   ip 192.0.0.0 0.0.0.255 any
access-list 110 deny   ip 224.0.0.0 0.0.31.255 any
access-list 110 deny   ip 10.0.0.0 0.255.255.255 any
access-list 110 deny   ip 172.16.0.0 0.15.255.255 any
access-list 110 permit tcp host 10.10.100.110 host 172.16.201.110
access-list 110 permit ip any any

interface gi0/???

THIS IS TO BE APPLIED TO INTERNAL ROUTER ONLY.

Any help is appreciated.
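
An added example (not part of the original post, and not Cisco code): a first-match evaluation of ACL 110 exactly as posted above, showing which entry each flow hits. It models only protocol, source and destination matching with wildcard masks, not ports or interface direction; the function names and the sample source 198.51.100.7 are constructed for illustration.

```python
import ipaddress

# ACL 110 exactly as posted in the question above.
ACL_110 = """\
access-list 110 deny   ip 192.0.0.0 0.0.0.255 any
access-list 110 deny   ip 224.0.0.0 0.0.31.255 any
access-list 110 deny   ip 10.0.0.0 0.255.255.255 any
access-list 110 deny   ip 172.16.0.0 0.15.255.255 any
access-list 110 permit tcp host 10.10.100.110 host 172.16.201.110
access-list 110 permit ip any any
"""

def _addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wild), tokens[2:]

def parse(text):
    entries = []
    for line in text.splitlines():
        t = line.split()
        if not t:
            continue
        action, proto = t[2], t[3]
        src, rest = _addr(t[4:])
        dst, _ = _addr(rest)
        entries.append((action, proto, src, dst, line.strip()))
    return entries

def _hit(spec, ip):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 mean "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def first_match(entries, proto, src, dst):
    """Return (entry number, action, line) of the first match, else implicit deny."""
    for n, (action, eproto, s, d, line) in enumerate(entries, 1):
        if eproto in ("ip", proto) and _hit(s, src) and _hit(d, dst):
            return n, action, line
    return None, "deny", "(implicit deny)"

if __name__ == "__main__":
    print(first_match(parse(ACL_110), "tcp", "10.10.100.110", "172.16.201.110"))
```

The external host's TCP flow to the internal host first hits entry 3 (`deny ip 10.0.0.0 0.255.255.255 any`), so the permit on entry 5 is never reached. Any source outside the denied ranges falls through to the final `permit ip any any`, which is the opposite of "block everything else".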

2 REPLIES

Cisco 2901 access-list block - HELP

Reflexive acl may be able to be used here. I had responded and realized that I had interfaces wrong, so rather than editing a whole post I just deleted to start over.

Try the following on your internal router:

ip access-list ext Allowed
 ! the reflexive list gets its own name (InOutReflect), distinct from the named ACL InOut
 permit tcp host 10.10.100.110 host 172.16.201.110 reflect InOutReflect
 deny ip any any
!
ip access-list ext InOut
 evaluate InOutReflect
 deny ip any any
!
int g0/1
 ip access-group Allowed out
 ip access-group InOut in

See if that works for you...

HTH,
John

*** Please rate all useful posts ***


Re: Cisco 2901 access-list block - HELP

The best way to achieve this is to configure an IOS-firewall on your router. But for that you need the "security" license.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni