https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092620#M915529 <P>Hello,</P><P></P><P>I have a router. I connected 3 port so I have 3 subnets:</P><P>192.168.0.0/24 Fa0, 192.168.1.0/24 Fa1, and 192.168.2.0/24 Fa2</P><P></P><P>Now, I need to do:</P><P>Subnet 192.168.1.0 is the most secure so nobody should access it, except one host from 192.168.2.0 subnet(192.168.2.10), but users from 192.168.1.0 should access both 0.0 and 2.0 subnets.</P><P>Subnets 192.168.0.0 and 192.168.2.0 should access each otherwith no restriction.</P><P></P><P>I have configured this:</P><P>access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255</P><P>access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255</P><P>access-list 100 permit ip any any</P><P>int fast 1</P><P>access-group 100 out</P><P></P><P>but in this way if users from 192.168.1.0 try to access the other 2 subnet, the return trafic will match the access list 100 so subnet 192.168.1.0 is not able to access them.</P><P></P><P>Can u give me a solution please?</P><P></P><P>Thank U!</P> Wed, 13 Mar 2019 00:57:55 GMT Spinu Viorel 2019-03-13T00:57:55Z https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092620#M915529 <P>Hello,</P><P></P><P>I have a router. I connected 3 port so I have 3 subnets:</P><P>192.168.0.0/24 Fa0, 192.168.1.0/24 Fa1, and 192.168.2.0/24 Fa2</P><P></P><P>Now, I need to do:</P><P>Subnet 192.168.1.0 is the most secure so nobody should access it, except one host from 192.168.2.0 subnet(192.168.2.10), but users from 192.168.1.0 should access both 0.0 and 2.0 subnets.</P><P>Subnets 192.168.0.0 and 192.168.2.0 should access each otherwith no restriction.</P><P></P><P>I have configured this:</P><P>access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255</P><P>access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255</P><P>access-list 100 permit ip any any</P><P>int fast 1</P><P>access-group 100 out</P><P></P><P>but in this way if users from 192.168.1.0 try to access the other 2 subnet, the return trafic will match the access list 100 so subnet 192.168.1.0 is not able to access them.</P><P></P><P>Can u give me a solution please?</P><P></P><P>Thank U!</P> Wed, 13 Mar 2019 00:57:55 GMT https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092620#M915529 Spinu Viorel 2019-03-13T00:57:55Z https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092621#M915532 <HTML><HEAD></HEAD><BODY><P>I assume int fast 1 is 192.168.1.x?</P><P></P><P>access-list 100 permit tcp any 192.168.1.0 0.0.0.255 established</P><P>access-list 100 permit ip 192.168.2.10 0.0.0.0 192.168.1.0 0.0.0.255</P><P>int fast 1 </P><P>access-group 100 out </P></BODY></HTML> Thu, 31 Jul 2008 14:16:01 GMT https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092621#M915532 acomiskey 2008-07-31T14:16:01Z https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092622#M915534 <HTML><HEAD></HEAD><BODY><P>yes, you assumed right and it is working</P><P></P><P>thanks a lot</P></BODY></HTML> Fri, 01 Aug 2008 11:53:58 GMT https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092622#M915534 Spinu Viorel 2008-08-01T11:53:58Z https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092623#M915536 <HTML><HEAD></HEAD><BODY><P>What kind of router do you have?</P></BODY></HTML> Fri, 01 Aug 2008 14:12:48 GMT https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092623#M915536 eplanchon 2008-08-01T14:12:48Z https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092624#M915538 <HTML><HEAD></HEAD><BODY><P>cisco 1812</P></BODY></HTML> Fri, 01 Aug 2008 16:53:01 GMT https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092624#M915538 Spinu Viorel 2008-08-01T16:53:01Z https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092625#M915539 <HTML><HEAD></HEAD><BODY><P>Thanks.</P><P>How do you define 3 subnets using this router?</P><P>Do you need to do VLAN?</P><P></P></BODY></HTML> Fri, 01 Aug 2008 17:09:30 GMT https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092625#M915539 eplanchon 2008-08-01T17:09:30Z https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092626#M915541 <HTML><HEAD></HEAD><BODY><P>yes...it is a little more complicated.</P><P>the subnets are connected via a switch HP with VLANS and I have access-list on every every subnet IN direction...but I was intrested in the problem with returning traffic (if u read my firs message)</P></BODY></HTML> Fri, 01 Aug 2008 17:19:12 GMT https://community.cisco.com/t5/network-security/access-from-one-subnet-to-another/m-p/1092626#M915541 Spinu Viorel 2008-08-01T17:19:12Z