01-15-2024 02:27 AM
Hello,
I want to create an ACL on Cisco to prevent one network from communicating with others except for the internet. I managed to block the communication, but I lost internet access. I think I'm missing something.
List of my networks:
Network 1: 192.168.1.0/24
Network 2: 192.168.2.0/24
Network 3: 192.168.3.0/24
Network 4: 192.168.4.0/24
Network 5: 192.168.5.0/24 (connected to another router that connects to the internet)
Network 1 should not be able to communicate with other networks except for Network 5.
Can you help me with the commands? Should I use a standard ACL or an extended one?
Thank you for your assistance.
01-15-2024 02:37 AM - edited 01-15-2024 02:37 AM
You need an extended ACL.
The order is important:
1- Deny ip from your subnet to the other subnets
2- Permit ip any any
If there is a server in another subnet, use permit with the L4 port (the L4 port the server uses).
MHM
01-15-2024 03:02 AM
Thanks for the reply. Can't I do a deny any at the end?
permit any is OK, but I would like to make it deny any. Possible?
01-15-2024 03:07 AM
There are two approaches:
1- Start the ACL with deny and end it with permit any any
2- Start with permit and end with deny any any
Here you mention you want to prevent your network from connecting to the other subnets and allow access to the internet.
So first deny your subnet from connecting to the other subnets, then permit any any (since we don't know which IP the host will connect to).
MHM
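To show why the order matters, here is an added example (my own Python simulation, not from the thread or from Cisco): it parses both orderings MHM describes as extended-ACL lines with wildcard masks, assumes the ACL is applied inbound on the Network 1 interface, and evaluates sample flows with Cisco first-match semantics and the implicit deny at the end. The 203.0.113.9 address is a constructed stand-in for any internet host.

```python
import ipaddress

# Constructed example (not from the thread): the "deny first, then permit any any"
# order, meant to be applied inbound on the Network 1 interface.
ACL_DENY_THEN_PERMIT = """
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
permit ip any any
"""
# The other order: explicit permits, then deny any any. Internet destinations
# cannot be listed, so they fall through to the deny (the lost internet access).
ACL_PERMIT_THEN_DENY = """
permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip any any
"""

def _take_addr(tokens):
    """Consume one address spec ('any', 'host A', or 'A WILDCARD'); return (addr, wildcard), rest."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    addr, wildcard = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (addr, wildcard), tokens[2:]

def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>' lines into (action, src_spec, dst_spec) tuples."""
    entries = []
    for line in text.strip().splitlines():
        action, proto, *rest = line.split()
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError("only 'permit|deny ip' entries are supported: " + line)
        src, rest = _take_addr(rest)
        dst, rest = _take_addr(rest)
        entries.append((action, src, dst))
    return entries

def _matches(spec, ip):
    """Cisco wildcard-mask match: a 1 bit in the wildcard means 'don't care'."""
    addr, wildcard = spec
    return (addr | wildcard) == (int(ipaddress.IPv4Address(ip)) | wildcard)

def evaluate(entries, src_ip, dst_ip):
    """First matching entry wins; every ACL ends with an implicit 'deny ip any any'."""
    for action, src, dst in entries:
        if _matches(src, src_ip) and _matches(dst, dst_ip):
            return action
    return "deny"
```

With the deny-first list, 192.168.1.10 is denied to 192.168.2.20 but permitted to 192.168.5.1 and to 203.0.113.9; with the permit-first list the same internet flow hits deny ip any any.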
01-15-2024 03:18 AM
What device is this and what code is it running? Depending on the device, you need to apply it IN or OUT, where the traffic originates from or is leaving to.
Check the document below with an example:
https://community.cisco.com/t5/networking-knowledge-base/cisco-access-control-lists-acl/ta-p/4182349