07-26-2008 06:35 AM - edited 03-11-2019 06:20 AM
Hi Experts,
I have a question about access lists.
Information:
Firewall with three VLANs:
1 INSIDE
2 OUTSIDE
3 BACKUP
Is it possible to only make an ACL from the inside to the backup segment? At the moment I have a server on the inside with SMTP to any. But I want to make a deny rule for this server from the inside to the backup VLAN for SMTP.
Is this possible? If somebody knows the answer, can you please send me the commands.
Thanks a lot!
Bart.
07-26-2008 01:56 PM
Bart,
Yes, it's possible - it is just basic source and destination access-list commands.
The URL below is full of information that will help you:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html
HTH
07-27-2008 01:58 AM
There is so much information on that website that I cannot find the information I need.
I want the following:
ACL from INSIDE server to OUTSIDE any: permit SMTP (public IP address).
And when the outside is down (ISP failover):
ACL from INSIDE to BACKUP: deny SMTP to the ISP smarthost first
ACL from INSIDE to BACKUP: permit SMTP any
Is this possible?
At the moment I cannot select a network, for example BACKUP, and then deny a specified IP.
I hope somebody can help me or has experience with this.
07-27-2008 02:08 AM
It sounds not hard,
but I couldn't understand your requirements.
Could you send a bit more clear details about your requirements to let me help you?
Thank you
07-27-2008 02:20 AM
OK,
Is it possible to make an access list only for permitting or denying traffic that is incoming on a specific interface?
I have an inside VLAN which needs SMTP permitted when it is routed to the outside interface.
When the outside interface is down, the Cisco firewall automatically reroutes to the backup interface.
Now I want an access list that denies SMTP traffic from the inside to the backup interface.
I think this is possible with outbound access listing?
07-27-2008 02:31 AM
Sure you can.
If your traffic is going to a known/specified subnet or network, you can use an outbound ACL in the IN direction on your inside interface.
But if you don't know, I mean the destination in your ACL is any,
then make a deny statement in an ACL that denies whatever traffic you want
and apply it in the outbound direction on the backup interface:
access-list 100 remark Drop SMTP from the mail server whenever it leaves via backup
access-list 100 deny tcp host 1.1.1.1 any eq smtp
access-list 100 remark Everything else must be permitted explicitly once the ACL is applied
access-list 100 permit ip any any
access-group 100 out interface backup
Good luck.
Please rate if helpful.
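An added worked example, not part of the original thread, that writes out both options from the answer above as ASA/PIX 7.x configuration for Bart's case. The interface names inside, outside and backup, the mail server address 10.0.0.25, the ISP smarthost address 203.0.113.10 and the ACL names are all assumptions chosen for illustration:

```cisco
! Added example, not from the original post. Addresses, interface and ACL
! names are assumptions: mail server 10.0.0.25 on inside, ISP smarthost
! 203.0.113.10 reachable only through the backup interface.

! Option 1: destination known -> filter inbound on the inside interface.
! Deny the mail server talking SMTP to the smarthost, still allow its SMTP
! to anything else, then permit the rest of the inside subnet.
access-list INSIDE_IN remark Mail server must not use the ISP smarthost
access-list INSIDE_IN extended deny tcp host 10.0.0.25 host 203.0.113.10 eq smtp
access-list INSIDE_IN extended permit tcp host 10.0.0.25 any eq smtp
access-list INSIDE_IN extended permit ip 10.0.0.0 255.255.255.0 any
access-group INSIDE_IN in interface inside

! Option 2: destination unknown (any) -> filter on exit from backup.
! Catches SMTP from the mail server no matter which route pushed it there,
! including after the failover to backup.
access-list BACKUP_OUT remark No SMTP from the mail server over the backup link
access-list BACKUP_OUT extended deny tcp host 10.0.0.25 any eq smtp
access-list BACKUP_OUT extended permit ip any any
access-group BACKUP_OUT out interface backup
```

Two things to keep in mind when applying either option. The firewall allows only one ACL per interface per direction, so if inside already has an inbound ACL the deny line has to be added to that one rather than to a new list. And once an ACL is bound to an interface, everything it does not permit is dropped by the implicit deny at the end, which is why the trailing permit lines are there; after applying it, watch the hit counts with show access-list and confirm the deny is matched from the expected source.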