I need to do this in one ACL and need help:
1) Restrict access from network 10.0.0.1/24 to the internet: block port 80, but allow access to this server, 172.16.3.1
2) Allow access to all ports on the 10.0.0.1/24 network, but deny access to 172.16.3.1
How can I do this?
This is very simple if you just provide some more details, like a simple topology.
If you have a router with two interfaces, where is the 172 server located? Toward the Internet interface?
By the way, if the server is located on the inside of your network you may need a reflexive ACL to get it working as you want.
See the link below on how to configure it.
So the idea is to deny traffic from inside sourced from network 10.0, but you have the reflexive ACL to inspect/evaluate the traffic going from outside to network 10 to allow the return.
You need inbound and outbound ACLs.
Sent from Cisco Technical Support iPhone App
Do you want 172.16.3.1 to access the internet at all?
From what I can work out you have one router with 3 ports: one going to 10.x, one going to 172.x, and the other going to the internet.
If the 172.x server doesn't need to access the internet, then the ACL is quite simple. If it does, then it'll be a little more complicated.
! Extended ACL 101 in numbered IOS syntax; the /24 is written as network plus
! wildcard mask, and a single host needs the "host" keyword
access-list 101 deny tcp 10.0.0.0 0.0.0.255 any eq www
access-list 101 permit ip any 10.0.0.0 0.0.0.255
access-list 101 permit tcp any host 172.16.3.1 eq www
access-list 101 deny ip any host 172.16.3.1
Then apply it to the appropriate interface and direction.
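An added check, not from this thread, that walks the four entries above in IOS order (first match wins, implicit deny at the end) against a few constructed flows, so each requirement in the question can be tested before the ACL goes on an interface. The entries are copied into Python as data and the sample addresses are constructed.

```python
import ipaddress

# The four entries from the reply above, as data. Wildcard masks are IOS
# style: a 0 bit must match, a 1 bit is "don't care". (constructed copy)
ACL_101 = [
    ("deny",   "tcp", "10.0.0.0 0.0.0.255", "any",                80),
    ("permit", "ip",  "any",                "10.0.0.0 0.0.0.255", None),
    ("permit", "tcp", "any",                "host 172.16.3.1",    80),
    ("deny",   "ip",  "any",                "host 172.16.3.1",    None),
]


def parse_addr(spec):
    """Turn an IOS address spec into (address_int, wildcard_int)."""
    if spec == "any":
        return 0, 0xFFFFFFFF
    if spec.startswith("host "):
        return int(ipaddress.IPv4Address(spec.split()[1])), 0
    addr, wildcard = spec.split()
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wildcard))


def addr_matches(spec, ip):
    """Compare only the bits the wildcard mask does not ignore."""
    net, wc = parse_addr(spec)
    care = ~wc & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (net & care)


def evaluate(acl, proto, src, dst, dport):
    """Return (action, entry_number) of the first matching entry.

    An entry with protocol "ip" matches any protocol; an entry with no port
    matches any port. No match at all means the implicit deny (entry None).
    """
    for number, (action, eproto, esrc, edst, eport) in enumerate(acl, start=1):
        if eproto != "ip" and eproto != proto:
            continue
        if not addr_matches(esrc, src) or not addr_matches(edst, dst):
            continue
        if eport is not None and eport != dport:
            continue
        return action, number
    return "deny", None


if __name__ == "__main__":
    # Constructed flows: (proto, src, dst, dport); 203.0.113.10 stands in for the internet
    for flow in [("tcp", "10.0.0.5", "203.0.113.10", 80),
                 ("tcp", "10.0.0.5", "172.16.3.1", 80),
                 ("tcp", "203.0.113.10", "172.16.3.1", 80)]:
        print(flow, "->", evaluate(ACL_101, *flow))
```

Because entry 1 matches any destination, port-80 traffic from 10.0.0.0/24 to 172.16.3.1 is also caught by it, so a more specific permit for the server would have to come before it.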
You mean from internet?