ACL on Cisco router

Mmiselo
Level 1

Good day,

I have access-lists on my Cisco router 2900 where some are attached to the crypto maps for IPSec tunnels and one linked to the access-map on the line VTY.

So now I need to allow access from two specific IPs to a specific IP and I want to block anything else. Below are the rules that I configured:

ip access-list extended VM-SRV-MANAGEMENT
 permit ip host 10.100.1.3 host 196.80.62.100
 permit ip host 10.100.0.3 host 196.80.62.100
 deny ip any host 196.80.62.100

The rules that I have added don't seem to be working as the 196.80.62.100 IP is still accessible from other source IPs other than the ones specified.

May you please advise if this is achievable and what rules must I add to add the restrictions.

 

Regards

Nelson

1 Reply

johnlloyd_13
Level 9

Hi,

You just need 2 lines as there's already an implicit deny at the end of your ACL.

In what direction and on what interface did you apply the ACL, in or out?

Could you post a brief network diagram/topology?

ip access-list extended VM-SRV-MANAGEMENT
 permit ip host 10.100.1.3 host 196.80.62.100
 permit ip host 10.100.0.3 host 196.80.62.100

interface gx/x
 ip access-group VM-SRV-MANAGEMENT <IN/OUT>
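
The behaviour discussed in this thread, as an added example that is not code from either poster: a small Python model of first-match ACL evaluation with the implicit deny, and of the fact that an ACL filters only on the interface and direction it is bound to. The interface name `Gi0/0` and the addresses 10.100.2.9 and 192.0.2.10 are constructed sample values.

```python
import ipaddress

# Two-line ACL from the reply: (action, source, destination).
VM_SRV_MANAGEMENT = [
    ("permit", "10.100.1.3", "196.80.62.100"),
    ("permit", "10.100.0.3", "196.80.62.100"),
]
# Three-line version from the question, with the explicit deny.
WITH_EXPLICIT_DENY = VM_SRV_MANAGEMENT + [("deny", "any", "196.80.62.100")]


def _matches(spec, addr):
    """'any' matches every address; otherwise compare as host addresses."""
    return spec == "any" or ipaddress.ip_address(spec) == ipaddress.ip_address(addr)


def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, acl_src, acl_dst in acl:
        if _matches(acl_src, src) and _matches(acl_dst, dst):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL


def forwarded(bindings, interface, direction, src, dst):
    """An ACL is consulted only when bound to the interface and direction
    the packet crosses; with no binding the packet is not filtered."""
    acl = bindings.get((interface, direction))
    return True if acl is None else evaluate(acl, src, dst) == "permit"


if __name__ == "__main__":
    other = "10.100.2.9"       # constructed: a source that is not permitted
    target = "196.80.62.100"
    # Both ACL versions give the same verdicts: the explicit deny is redundant.
    for acl in (VM_SRV_MANAGEMENT, WITH_EXPLICIT_DENY):
        print(evaluate(acl, "10.100.1.3", target), evaluate(acl, other, target))
    # The implicit deny also drops traffic unrelated to the target host.
    print(evaluate(VM_SRV_MANAGEMENT, other, "192.0.2.10"))
    # Defined but unbound, or bound in the other direction: nothing is blocked.
    print(forwarded({}, "Gi0/0", "out", other, target))
    print(forwarded({("Gi0/0", "in"): VM_SRV_MANAGEMENT}, "Gi0/0", "out", other, target))
    # Bound where the traffic actually crosses: the other source is blocked.
    print(forwarded({("Gi0/0", "out"): VM_SRV_MANAGEMENT}, "Gi0/0", "out", other, target))
```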