cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
292
Views
1
Helpful
3
Replies

ACL, Allowing and Denying

Eng-Ruthless
Level 1
Level 1

Greetings,

I hope to help you clarify the concept of (ACL, Allowing and Denying).

I have a Cloud portal where I hosted Two Servers, and the support team added a section for me (Firewall), which is just an ACL.

SRV1 IP: 20.200.92.20
SRV2 IP: 20.200.108.10

However, I discovered that if I enter SRV2, I can access SRV1 through it.

So, from the Firewall section, I added a policy in the first place:

Deny 20.200.108.10/32 as the source & 20.200.92.20/32 as the destination

But the connection is still active. The most important question is: do I need to add the following line?

Deny 20.200.92.20/32 as the source & 20.200.108.10/32 as the destination

Please clarify, if possible.

3 Replies 3

Can you share topolgy 

MHM

There is no topology that illustrates what has been mentioned because there are no interfaces that I can assign as S & D. The idea is that there are servers hosted in the cloud, and I want to create Denying between them.

Do I need to add:

Deny 20.200.108.10/32 as the source & 20.200.92.20/32 as the destination

along with the following line

Deny 20.200.92.20/32 as the source & 20.200.108.10/32 as the destination

According to my understanding of Policing, it should be sufficient to block from one side only, but this scenario has caused confusion for me. Are there scenarios that require blocking from both sides in the same way?

""However, I discovered that if I enter SRV2, I can access SRV1 through it.""

How that can happened? 

The only thing make this allow is both server use GW different than FW' in such traffic between two server not filter by FW

MHM

 

Review Cisco Networking for a $25 gift card