Solved: acess-list

barry-goldberg · ‎07-12-2007

Hi,

I do understand what is access-list and why should i use it but i'm not sure about ip access-group on the interface to WAN.

In my case i have access-list on 1841 router along with relevant ip access-group on the wan interface. If i need to add additional access-list for example to allow traffic on different tunnel i have to create access-list but i can't add another ip access-group on the interface .

what should I do ?

hope my question is clear

Thank you

Jon Marshall · ‎07-12-2007

Barry

Yes, you just keep adding lines. Be careful though as you need to be aware that once a match is made in the access-list no further processing is done so you need to make sure the order of lines in your access-list allows or denies traffic in the right order.

Jon

View solution in original post

Jon Marshall · ‎07-12-2007

Hi Barry

Yes you can only apply one access-list inbound and one outbound. I'm a little confued by the question. If you are filtering on your WAN interface just add the additional lines to your exiting access-list.

Or have i missed something ?

Jon

barry-goldberg · ‎07-12-2007

Hi Jon,

So basically you are saying that i should keep adding access-list's to same number as it appears under the interface

Thanks

Jon Marshall · ‎07-12-2007

Barry

Yes, you just keep adding lines. Be careful though as you need to be aware that once a match is made in the access-list no further processing is done so you need to make sure the order of lines in your access-list allows or denies traffic in the right order.

Jon