https://community.cisco.com/t5/network-security/access-list/m-p/720606#M1020991 <P>I am trying to configure ACL for remote location, accessing one of application on specific port. At remote side they have created a VLAN (e.g. 11.1.x.x) and at main office inside VLAN is 11.2.x.x. I have added route(ip of remote router) to pix and applied this ACL to the outside interface. But the remote user is unable to access application.</P><P>For example:</P><P>access-list inside_acl 11.1.0.0 255.255.255.0 host 11.2.0.1 eq 23678</P><P>where,</P><P>11.1.0.0=&gt; remote network</P><P>11.2.0.1=&gt; server/host at main office</P><P></P><P>I am confused whether to apply this acl to Inside interface or Outside interface.</P><P></P><P></P> Mon, 11 Mar 2019 10:53:33 GMT vrush_192000 2019-03-11T10:53:33Z https://community.cisco.com/t5/network-security/access-list/m-p/720606#M1020991 <P>I am trying to configure ACL for remote location, accessing one of application on specific port. At remote side they have created a VLAN (e.g. 11.1.x.x) and at main office inside VLAN is 11.2.x.x. I have added route(ip of remote router) to pix and applied this ACL to the outside interface. But the remote user is unable to access application.</P><P>For example:</P><P>access-list inside_acl 11.1.0.0 255.255.255.0 host 11.2.0.1 eq 23678</P><P>where,</P><P>11.1.0.0=&gt; remote network</P><P>11.2.0.1=&gt; server/host at main office</P><P></P><P>I am confused whether to apply this acl to Inside interface or Outside interface.</P><P></P><P></P> Mon, 11 Mar 2019 10:53:33 GMT https://community.cisco.com/t5/network-security/access-list/m-p/720606#M1020991 vrush_192000 2019-03-11T10:53:33Z https://community.cisco.com/t5/network-security/access-list/m-p/720607#M1020992 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>You need to apply this on the outside interface of your pix in the inbound direction as the user is in the remote office and is sending traffic to your vlan. </P><P></P><P>Be aware that there is an implict deny at the end of each access-list so if you apply that access-list as is it will only allow port 23768 from vlan 11.1.x.x through.</P><P></P><P>HTH</P><P></P><P>Jon</P></BODY></HTML> Sun, 05 Aug 2007 17:59:40 GMT https://community.cisco.com/t5/network-security/access-list/m-p/720607#M1020992 Jon Marshall 2007-08-05T17:59:40Z https://community.cisco.com/t5/network-security/access-list/m-p/720608#M1020993 <HTML><HEAD></HEAD><BODY><P>Create it as a Extended permit, it should work.</P><P></P><P>access-list 100 extended permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 </P><P>255.255.255.0 eq 2000</P><P></P><P>and put it as on interface as a Outbound.</P><P></P><P>Regards,</P><P>Dharmesh Purohit</P></BODY></HTML> Sun, 05 Aug 2007 18:01:38 GMT https://community.cisco.com/t5/network-security/access-list/m-p/720608#M1020993 purohit_810 2007-08-05T18:01:38Z https://community.cisco.com/t5/network-security/access-list/m-p/720609#M1020995 <HTML><HEAD></HEAD><BODY><P>See same as you are asking on below Link.. ACL EXAMPLES:</P><P></P><P><A class="jive-link-custom" href="http://www.netcraftsmen.net/welcher/papers/pix02.html" target="_blank">http://www.netcraftsmen.net/welcher/papers/pix02.html</A></P><P></P><P></P><P></P><P>REgards,</P><P>Dharmesh Purohit</P></BODY></HTML> Sun, 05 Aug 2007 18:07:41 GMT https://community.cisco.com/t5/network-security/access-list/m-p/720609#M1020995 purohit_810 2007-08-05T18:07:41Z https://community.cisco.com/t5/network-security/access-list/m-p/720610#M1020996 <HTML><HEAD></HEAD><BODY><P>Dear All,</P><P></P><P>Thanks...</P></BODY></HTML> Mon, 06 Aug 2007 11:55:12 GMT https://community.cisco.com/t5/network-security/access-list/m-p/720610#M1020996 vrush_192000 2007-08-06T11:55:12Z