
Access list

f.fnlaspect
Level 1

I have a request that a remote subnet is not allowed onto the rest of the corporate net but everybody else can get in.

Is this possible?

Something like:

deny 172.16.40.0 0.0.0.255 any (where 172.16.40.0 is the remote net)

permit ip any any

won't work, will it, as the packet on the way back would get blocked?

lgijssel
Level 9

This idea can work. You have the opportunity to filter in the incoming or outgoing direction. As described here, this would be an incoming filter.

Traffic is only blocked in one direction. This will suffice to stop unwanted traffic flows.

Some tips:

- In these cases you preferably specify a destination range as well instead of the keyword any.

- With an extended access-list the syntax is: deny IP 172.16.... You may specify tcp or udp instead but some protocol specification is required here.
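Worked example (added here, not code from either poster): a small evaluator for IOS-style extended access-list lines, run over constructed packets, to show what an inbound filter on the interface facing 172.16.40.0/24 actually does. The corporate range 10.0.0.0/8 is an assumption (the post never gives it), as is the use of the `established` keyword: replies from the remote subnet to TCP sessions that corporate hosts opened carry the ACK bit, so a `permit tcp ... established` line placed before the deny lets them through while a fresh SYN from the remote side is still dropped. Packets travelling from the corporate side towards the remote subnet never hit an inbound list on the remote-facing interface, so they are not evaluated here at all.

```python
from dataclasses import dataclass
from typing import List, Tuple
import ipaddress

# Constructed IOS extended-ACL text, applied inbound on the interface that faces
# the remote subnet. Addresses: 172.16.40.0/24 is from the post; 10.0.0.0/8 as
# the corporate range is an assumption for this example.
IOS_ACL = """
permit tcp 172.16.40.0 0.0.0.255 10.0.0.0 0.255.255.255 established
deny   ip  172.16.40.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip  any any
"""


def wildcard_match(addr: str, spec: str) -> bool:
    """Cisco wildcard-mask match. spec is 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W';
    a 1 bit in the wildcard means 'don't care'."""
    if spec == "any":
        return True
    parts = spec.split()
    if parts[0] == "host":
        return addr == parts[1]
    net, wild = parts
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    w = int(ipaddress.IPv4Address(wild))
    return (a & ~w & 0xFFFFFFFF) == (n & ~w & 0xFFFFFFFF)


@dataclass
class Packet:
    proto: str          # 'tcp', 'udp' or 'icmp'
    src: str
    dst: str
    ack: bool = False   # TCP ACK/RST bit set; this is what 'established' tests


@dataclass
class Ace:
    action: str         # 'permit' or 'deny'
    proto: str          # 'ip' matches every protocol; otherwise must equal the packet's
    src: str
    dst: str
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.established and not (p.proto == "tcp" and p.ack):
            return False
        return wildcard_match(p.src, self.src) and wildcard_match(p.dst, self.dst)


def _take_spec(toks: List[str]) -> Tuple[str, List[str]]:
    """Consume one address specification from the token list."""
    if toks[0] == "any":
        return "any", toks[1:]
    if toks[0] == "host":
        return f"host {toks[1]}", toks[2:]
    return f"{toks[0]} {toks[1]}", toks[2:]


def parse_ace(line: str) -> Ace:
    """Parse the subset '<permit|deny> <proto> <src> <dst> [established]'
    of the IOS extended access-list syntax used in IOS_ACL above."""
    toks = line.split()
    action, proto, rest = toks[0], toks[1], toks[2:]
    established = False
    if rest and rest[-1] == "established":
        established, rest = True, rest[:-1]
    src, rest = _take_spec(rest)
    dst, rest = _take_spec(rest)
    if rest:
        raise ValueError(f"unsupported trailing tokens: {rest}")
    return Ace(action, proto, src, dst, established)


def evaluate(acl: List[Ace], p: Packet) -> str:
    """First matching entry wins; an access list ends with an implicit deny."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"


REMOTE_IN = [parse_ace(l) for l in IOS_ACL.strip().splitlines()]

if __name__ == "__main__":
    samples = {
        "remote opens TCP to corporate": Packet("tcp", "172.16.40.10", "10.1.1.5"),
        "remote UDP to corporate":       Packet("udp", "172.16.40.10", "10.1.1.5"),
        "remote replies (ACK) to corp":  Packet("tcp", "172.16.40.10", "10.1.1.5", ack=True),
        "remote to a non-corporate host": Packet("tcp", "172.16.40.10", "198.51.100.7"),
    }
    for name, pkt in samples.items():
        print(f"{name:32s} -> {evaluate(REMOTE_IN, pkt)}")
```

Lines of the list keep their order and the first match wins, so the `established` permit must sit above the deny; swap the two and the remote subnet's replies to corporate-initiated sessions are dropped, which is exactly the "packet on the way back" the question worries about. UDP and ICMP have no ACK bit, so a UDP reply from the remote subnet still falls through to the deny; that is the usual limit of the `established` trick.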