
07-31-2008 06:57 AM - edited 03-12-2019 05:57 PM
Hello,
I have a router. I connected 3 ports, so I have 3 subnets:
192.168.0.0/24 Fa0, 192.168.1.0/24 Fa1, and 192.168.2.0/24 Fa2
Now, I need to do the following:
Subnet 192.168.1.0 is the most secure, so nobody should access it except one host from the 192.168.2.0 subnet (192.168.2.10), but users from 192.168.1.0 should access both the 0.0 and 2.0 subnets.
Subnets 192.168.0.0 and 192.168.2.0 should access each other with no restriction.
I have configured this:
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
int fast 1
ip access-group 100 out
But this way, if users from 192.168.1.0 try to access the other 2 subnets, the return traffic will match access list 100, so subnet 192.168.1.0 is not able to access them.
Can you give me a solution please?
Thank you!
Accepted Solutions

07-31-2008 07:16 AM
I assume int fast 1 is 192.168.1.x?
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 established
access-list 100 permit ip 192.168.2.10 0.0.0.0 192.168.1.0 0.0.0.255
int fast 1
ip access-group 100 out
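
To show why the ACL in the accepted answer lets replies back into 192.168.1.0/24 while blocking new connections, here is an added Python model (not code from the thread or from Cisco) of first-match evaluation with the implicit deny and the `established` keyword, which matches TCP segments carrying ACK or RST. The sample packets and helper names are constructed for illustration; the model also shows that UDP replies are not covered by `established`.

```python
import ipaddress
from collections import namedtuple

# Simplified model of an extended ACL entry; "established" applies to TCP only.
Rule = namedtuple("Rule", "action proto src src_wc dst dst_wc established")
ANY = ("0.0.0.0", "255.255.255.255")

# ACL 100 from the accepted answer, applied outbound toward 192.168.1.0/24.
ACL_100 = [
    Rule("permit", "tcp", *ANY, "192.168.1.0", "0.0.0.255", True),
    Rule("permit", "ip", "192.168.2.10", "0.0.0.0", "192.168.1.0", "0.0.0.255", False),
]

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are 'don't care'; all other bits must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, proto, src, dst, tcp_flags=frozenset()):
    """Return the action of the first matching entry, or the implicit deny."""
    for r in acl:
        if r.proto not in ("ip", proto):
            continue
        if not (wildcard_match(src, r.src, r.src_wc)
                and wildcard_match(dst, r.dst, r.dst_wc)):
            continue
        # 'established' is a stateless flag test, not connection tracking.
        if r.established and not (set(tcp_flags) & {"ACK", "RST"}):
            continue
        return r.action
    return "deny"  # every ACL ends with an implicit "deny ip any any"

# Constructed sample packets leaving the interface toward 192.168.1.0/24.
SAMPLES = [
    ("TCP reply to a 192.168.1.20 session", "tcp", "192.168.0.5", {"SYN", "ACK"}),
    ("new TCP connection from 192.168.0.5", "tcp", "192.168.0.5", {"SYN"}),
    ("new TCP connection from 192.168.2.10", "tcp", "192.168.2.10", {"SYN"}),
    ("new TCP connection from 192.168.2.11", "tcp", "192.168.2.11", {"SYN"}),
    ("UDP reply from 192.168.0.53", "udp", "192.168.0.53", set()),
]

def run_samples():
    return [(label, evaluate(ACL_100, proto, src, "192.168.1.20", flags))
            for label, proto, src, flags in SAMPLES]

if __name__ == "__main__":
    for label, verdict in run_samples():
        print(f"{verdict:6} {label}")
```

Because `established` only inspects TCP flags, UDP and ICMP replies to hosts in 192.168.1.0/24 fall through to the implicit deny unless the ACL gets explicit entries for them.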


08-01-2008 04:53 AM
Yes, you assumed right and it is working.
Thanks a lot.
08-01-2008 07:12 AM
What kind of router do you have?

08-01-2008 09:53 AM
Cisco 1812
08-01-2008 10:09 AM
Thanks.
How do you define 3 subnets using this router?
Do you need to do VLAN?

08-01-2008 10:19 AM
Yes... it is a little more complicated.
The subnets are connected via an HP switch with VLANs, and I have an access list on every subnet in the IN direction... but I was interested in the problem with returning traffic (if you read my first message).
