https://community.cisco.com/t5/network-security/access-list/m-p/1074773#M895082 <HTML><HEAD></HEAD><BODY><P>??</P></BODY></HTML> Fri, 17 Oct 2008 07:50:36 GMT ray_stone 2008-10-17T07:50:36Z https://community.cisco.com/t5/network-security/access-list/m-p/1074768#M895075 <P>Hi, I m bit confused in making access lists. We have three V-lans following:</P><P>Vlan100 NOC SL 100 192.168.12.0/24</P><P>Vlan200 QA SL 50 192.168.13.0/24</P><P>Vlan300 DEV SL 50 192.168.14.0/24</P><P>Vlan2 Out SL 0 *.*</P><P></P><P>Among all V-lans except Outside we are using NO NAT, means all V-lan 100,200,300 Network Traffic are exempted. Now we come to access list : By default NOC can access both V-lan 200 and 300 Traffic and I m using PAT for all V-lans to access the internet. QA and DEV V-lans can access the internet without any problem and NOC too but I want to access one NOC machine 192.168.12.20 from QA and DEV V-lans and when I make a rule for this then QA and DEV not able to access the Internet. Can anyone help me...Thanks</P> Mon, 11 Mar 2019 13:57:28 GMT https://community.cisco.com/t5/network-security/access-list/m-p/1074768#M895075 ray_stone 2019-03-11T13:57:28Z https://community.cisco.com/t5/network-security/access-list/m-p/1074769#M895077 <HTML><HEAD></HEAD><BODY><P>access-l test permit ip any host 192.168.12.20 </P><P>access-l test deny ip any 192.168.12.0 255.255.255.0</P><P>access-l test permit ip any any</P><P>access-g test in interface QA</P><P>access-g test in interface DEV</P><P></P><P></P><P></P><P>Please rate if helps.</P><P></P><P></P><P>Regards,</P><P>Sushil</P><P></P></BODY></HTML> Tue, 14 Oct 2008 16:47:45 GMT https://community.cisco.com/t5/network-security/access-list/m-p/1074769#M895077 suschoud 2008-10-14T16:47:45Z https://community.cisco.com/t5/network-security/access-list/m-p/1074770#M895079 <HTML><HEAD></HEAD><BODY><P>Hi Sushil, Thanks for ur reply.</P><P></P><P>access-l test permit ip any any </P><P>if i make this then all DEV and QA users will able to access all NOC machines. Can you please clarify one by one. Thnaks</P></BODY></HTML> Tue, 14 Oct 2008 16:55:31 GMT https://community.cisco.com/t5/network-security/access-list/m-p/1074770#M895079 ray_stone 2008-10-14T16:55:31Z https://community.cisco.com/t5/network-security/access-list/m-p/1074771#M895080 <HTML><HEAD></HEAD><BODY><P>ohhhh dear!!! got it now</P><P>Thanks</P></BODY></HTML> Tue, 14 Oct 2008 16:57:47 GMT https://community.cisco.com/t5/network-security/access-list/m-p/1074771#M895080 ray_stone 2008-10-14T16:57:47Z https://community.cisco.com/t5/network-security/access-list/m-p/1074772#M895081 <HTML><HEAD></HEAD><BODY><P>Hi, now what i want it's that I want to give the access of DEV and QA users to access the outside 80 and 443 ports but for downloading e-mails Can i make a access list like through the domain name pop.gmail.com and smtp.gmail.com instead of using IP.</P><P>access-l test permit tcp any host pop/smtp.gmail.com eq 445</P><P></P><P>Is it possible??? Thanks</P></BODY></HTML> Fri, 17 Oct 2008 05:01:46 GMT https://community.cisco.com/t5/network-security/access-list/m-p/1074772#M895081 ray_stone 2008-10-17T05:01:46Z https://community.cisco.com/t5/network-security/access-list/m-p/1074773#M895082 <HTML><HEAD></HEAD><BODY><P>??</P></BODY></HTML> Fri, 17 Oct 2008 07:50:36 GMT https://community.cisco.com/t5/network-security/access-list/m-p/1074773#M895082 ray_stone 2008-10-17T07:50:36Z https://community.cisco.com/t5/network-security/access-list/m-p/1074774#M895083 <HTML><HEAD></HEAD><BODY><P>I am afraid..you can't use domain name in the ACL syntax</P></BODY></HTML> Fri, 17 Oct 2008 08:02:38 GMT https://community.cisco.com/t5/network-security/access-list/m-p/1074774#M895083 abinjola 2008-10-17T08:02:38Z https://community.cisco.com/t5/network-security/access-list/m-p/1074775#M895084 <HTML><HEAD></HEAD><BODY><P>Thanks!!!</P></BODY></HTML> Fri, 17 Oct 2008 08:19:10 GMT https://community.cisco.com/t5/network-security/access-list/m-p/1074775#M895084 ray_stone 2008-10-17T08:19:10Z