https://community.cisco.com/t5/network-security/access-list-configuration/m-p/2216588#M920743 <HTML><HEAD></HEAD><BODY><P>Hi Vignesh,</P><P></P><P></P><P>You must specify the "Public" IP address of the domain because the ACL check will happend befor the NAT translation.</P><P></P><P>HTH</P><P></P><P>Luis Silva <BR /> <BR />"If you need PDI (Planning, Design, Implement) assistance feel free to reach" <BR /> <BR /><A class="jive-link-external-small" href="http://www.cisco.com/web/partners/tools/pdihd.html">http://www.cisco.com/web/partners/tools/pdihd.html</A></P></BODY></HTML> Mon, 08 Jul 2013 23:33:02 GMT Luis Silva Benavides 2013-07-08T23:33:02Z https://community.cisco.com/t5/network-security/access-list-configuration/m-p/2216587#M920742 <P>Hi all,</P><P></P><P>Here's the scenario:</P><P></P><P>We have a cisco 1811 router at our datacenter solely used for VoIP purpose and also a cisco 2811 router here in our office. </P><P></P><P>There is a tunnel between these 2 routers and it's working fine. Tunnel is up and no problems with ping. </P><P></P><P>The VoIP router is setup with public IP. Hence, if we ping voip.xxx.com from outside, we will get the public IP configured for it. This "voip.xxx.com" is configured on our softphones (such as x-lite) from outside. </P><P></P><P>Now, we want to limit the usage in such as way that only our office should be able to talk to "voip.xxx.com" and it should be denied from outside. </P><P></P><P>I have configured the VoIP router something like below:</P><P></P><P>interface Vlan1</P><P> ip address 203.82.x.x 255.255.255.252</P><P> ip nat inside</P><P> ip virtual-reassembly</P><P> ip access-group Elastix in</P><P></P><P></P><P></P><P>ip access-list extended Elastix</P><P> permit ip host 203.82.x.x 192.168.100.0 0.0.0.255</P><P> permit ip host 203.82.x.x 192.168.100.0 0.0.0.255</P><P> permit ip host 203.82.x.x 192.168.100.0 0.0.0.255</P><P></P><P></P><P></P><P>Once I do the above, I am not able to ping "voip.xxx.com" from my office and the phones stop working. </P><P></P><P>Any help would be greatly appreciated. If you require configs of the router, please let me know. </P><P><SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P><P></P><P></P><P>Kind Regards, <BR />Vignesh.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Fri, 21 Feb 2020 12:53:59 GMT https://community.cisco.com/t5/network-security/access-list-configuration/m-p/2216587#M920742 Vignesh Ekanathan 2020-02-21T12:53:59Z https://community.cisco.com/t5/network-security/access-list-configuration/m-p/2216588#M920743 <HTML><HEAD></HEAD><BODY><P>Hi Vignesh,</P><P></P><P></P><P>You must specify the "Public" IP address of the domain because the ACL check will happend befor the NAT translation.</P><P></P><P>HTH</P><P></P><P>Luis Silva <BR /> <BR />"If you need PDI (Planning, Design, Implement) assistance feel free to reach" <BR /> <BR /><A class="jive-link-external-small" href="http://www.cisco.com/web/partners/tools/pdihd.html">http://www.cisco.com/web/partners/tools/pdihd.html</A></P></BODY></HTML> Mon, 08 Jul 2013 23:33:02 GMT https://community.cisco.com/t5/network-security/access-list-configuration/m-p/2216588#M920743 Luis Silva Benavides 2013-07-08T23:33:02Z