07-20-2007 10:42 AM - edited 03-11-2019 03:47 AM
07-20-2007 12:22 PM
Please post your solution. It could help someone else.
Thanks.
07-21-2007 02:11 AM
access-list cscTraffic extended deny ip host 192.168.10.254 any
access-list cscTraffic extended deny ip host 192.168.1.199 any
access-list cscTraffic extended permit tcp any any eq www
access-list cscTraffic extended permit tcp any any eq pop3
access-list cscTraffic extended permit tcp any any eq smtp
access-list cscTraffic extended permit tcp any any eq ftp
class-map global-class
 match default-inspection-traffic
class-map csc-class
 match access-list cscTraffic
!
!
policy-map global-policy
 class global-class
  inspect pptp
  inspect ftp
 class csc-class
  csc fail-open
!
service-policy global-policy global
Originally, I had this line
access-list cscTraffic extended deny ip host 192.168.1.199 any
at the end of my access-list; that's why it wasn't working, since ACLs in Cisco go by order. I put it back on the top and it's fine.
Hope it helps.
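The ordering effect described in the post above, as an added example that is not part of the original thread: a small Python model of top-down, first-match ACL evaluation over the posted cscTraffic entries. The BROKEN list is constructed from the poster's description (the 192.168.1.199 deny at the end), and the parser handles only the entry shapes shown in the post.

```python
import ipaddress

PORTS = {"www": 80, "pop3": 110, "smtp": 25, "ftp": 21}  # ASA port keywords used in the post

# ACL as posted (host exemptions first).
FIXED = [
    "access-list cscTraffic extended deny ip host 192.168.10.254 any",
    "access-list cscTraffic extended deny ip host 192.168.1.199 any",
    "access-list cscTraffic extended permit tcp any any eq www",
    "access-list cscTraffic extended permit tcp any any eq pop3",
    "access-list cscTraffic extended permit tcp any any eq smtp",
    "access-list cscTraffic extended permit tcp any any eq ftp",
]
# Constructed from the poster's description: the 192.168.1.199 deny sat at the end.
BROKEN = [FIXED[0]] + FIXED[2:] + [FIXED[1]]

def parse_ace(line):
    """Parse only the ACE shapes shown above: <action> <proto> host X|any any [eq <port>]."""
    tok = line.split()
    action, proto, rest = tok[3], tok[4], tok[5:]
    if rest[0] == "host":
        src, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
    else:  # "any"
        src, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
    rest = rest[1:]  # destination is always "any" in these entries
    port = PORTS[rest[1]] if rest[:1] == ["eq"] else None
    return action, proto, src, port

def first_match(acl, src_ip, proto, dport):
    """Return (action, line_number) of the first ACE that matches, top to bottom."""
    ip = ipaddress.ip_address(src_ip)
    for n, line in enumerate(acl, 1):
        action, ace_proto, src, port = parse_ace(line)
        if ace_proto in ("ip", proto) and ip in src and port in (None, dport):
            return action, n
    return "no-match", None  # nothing matched: traffic is not in csc-class

if __name__ == "__main__":
    for name, acl in (("end", BROKEN), ("top", FIXED)):
        action, n = first_match(acl, "192.168.1.199", "tcp", 80)
        verdict = "sent to CSC" if action == "permit" else "bypasses CSC"
        print(f"deny at {name}: line {n} ({action}) -> {verdict}")
```

In a class-map match ACL, a permit entry places the traffic in the class (here, diverted to the CSC module) and a deny entry exempts it, so a host exemption placed after the permit entries is never reached for those ports.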