09-13-2004 08:19 AM - edited 03-02-2019 06:26 PM
Hi everybody, I have a doubt and am trying to solve it here.
We have a Cisco switch 5500 with some VLANs per department. The customer asked us to implement some kind of control between users at remote sites/branches and headquarters. We implemented a standard access-list with the IP permits supplied by the customer. The problem started when they asked us to block access to WWW services too. We implemented an extended access-list with the TCP protocol and WWW services permitted, but when we apply the ACLs we don't get the expected response. Next I show you an extract of the commands applied:
STANDARD (working)
access-list 10 permit 172.16.x.x
access-list 10 permit 172.16.x.x
access-list 10 permit 172.16.x.x
access-list 10 permit 172.16.x.x
EXTENDED (fail)
access-list 110 permit tcp any any eq www
access-list 110 permit ip host 172.16.x.x any
access-list 110 permit ip host 172.16.x.x any
access-list 110 permit ip host 172.16.x.x any
Of course IPs out of the list would be denied.
Thanks a lot for your comments
AS
09-13-2004 08:21 AM
Sorry, the idea is to permit some users to get WWW services.
AS
09-13-2004 08:27 AM
In your message you say they asked to block some WWW services, but the way it is written you are permitting everyone access to WWW. You would have to write specific deny statements for the addresses that are to be blocked from WWW and then permit everyone else access to WWW.
09-13-2004 10:21 AM
Sorry, the idea is to permit some users to get WWW services. I just want to permit WWW services and then the customer will complete the permissions through the firewall. I have to permit that employees from remote sites can access WWW; of course I don't know which sites and which sources, and for that reason I've implemented an extended access list that permits tcp any any eq www and permits other specific IP hosts.
Thanks,
AS.
09-13-2004 07:00 PM
You say you don't get the expected response. What actually happens? What are the symptoms of the problem?
I presume these access lists are applied to filter outgoing packets towards your firewall, which is then connected onwards towards the Internet. Can you confirm that?
Be aware that the www line concerns only HTTP accesses, i.e. to port tcp/80. It does not allow any other service ports.
I'm not sure I fully understand your architecture. Why are you not doing all of this with the firewall rather than using an ACL?
Kevin Dorrell
Luxembourg
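To make the first-match and implicit-deny behaviour of ACL 110 concrete, here is an added Python simulation of how IOS walks that list (this is example code, not from the thread or from Cisco IOS); the host addresses and test packets are constructed, standing in for the masked 172.16.x.x entries. It shows Kevin's point: an unlisted branch host gets tcp/80 through, but HTTPS and the DNS lookup needed to browse by name hit the implicit deny, while a listed host passes everything.

```python
import ipaddress

# Constructed stand-ins for the masked 172.16.x.x hosts in the thread's ACL 110.
ACL_110 = """
access-list 110 permit tcp any any eq www
access-list 110 permit ip host 172.16.1.10 any
access-list 110 permit ip host 172.16.1.11 any
"""

def _addr(tok, i):
    """Parse 'any' or 'host A.B.C.D' starting at tok[i]; return (network or None, next index)."""
    if tok[i] == "any":
        return None, i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    raise ValueError("unsupported address form: " + tok[i])

def parse_acl(text):
    """Turn 'access-list N permit|deny proto src dst [eq port]' lines into ordered rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok[2], tok[3]
        src, i = _addr(tok, 4)
        dst, i = _addr(tok, i)
        dport = None
        if i < len(tok) and tok[i] == "eq":  # only the 'www' keyword or a numeric port is handled
            dport = 80 if tok[i + 1] == "www" else int(tok[i + 1])
        rules.append({"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport})
    return rules

def evaluate(rules, src, dst, proto, dport=None):
    """Walk the ACL top-down: the first matching entry wins, implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        proto_ok = r["proto"] == "ip" or r["proto"] == proto
        src_ok = r["src"] is None or s in r["src"]
        dst_ok = r["dst"] is None or d in r["dst"]
        port_ok = r["dport"] is None or r["dport"] == dport
        if proto_ok and src_ok and dst_ok and port_ok:
            return r["action"]
    return "deny"  # every IOS ACL ends with an implicit deny

RULES = parse_acl(ACL_110)

if __name__ == "__main__":
    # Unlisted branch host: HTTP is allowed, but HTTPS and the DNS lookup needed to browse by name are not.
    for pkt in [("172.16.5.20", "10.0.0.1", "tcp", 80), ("172.16.5.20", "10.0.0.1", "tcp", 443),
                ("172.16.5.20", "10.0.0.53", "udp", 53), ("172.16.1.10", "10.0.0.53", "udp", 53)]:
        print(pkt, "->", evaluate(RULES, *pkt))
```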