Basic access rule problem

rasoftware
Level 1

I have a private network located on a corporate network using a Cisco 851 W.  I want to block all access to the corporate LAN from behind this firewall, which will be used as an access point to provide internet access.  I have done this successfully with an ASA before but the router is proving more difficult.

I have this

192.168.1.0/24 --- 851W Router ---- 10.100.1.15 (Corporate LAN) --- 10.100.1.254 (Corporate Internet GW)

On the ASA I was able to add false routes for each internal site, including the local site except the gateway.  This worked fine.

I have tried via routes and it is not working for the local site, so I thought I would do this via an access list.

So I added this on the BVI1 "in"

access-list 150 deny ip 192.168.1.0 0.0.0.255 host 10.100.1.1 -253

However, all traffic is then blocked, i.e. I can't telnet to or ping 192.168.1.254, which is the local G/W.

Any help appreciated!

1 Reply

rasoftware
Level 1

Ah posting made me think...

I added a permit 192.168.1.0 0.0.0.255 any after this, as I hadn't allowed any traffic and the default is deny unless specified.

Too much management-type work these days.
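Added example, not part of the original thread: a small Python model of first-match ACL evaluation with the implicit deny at the end, run against the deny-only list from the question and the list with the trailing permit from the reply. The probe addresses are constructed, and the post's 10.100.1.1-253 destination range is modelled as the whole 10.100.1.0/24 (an assumption made to keep it to one entry).

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # IOS wildcard mask: 0 bits must match, 1 bits are "don't care".
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, src, dst):
    """First matching entry wins. Returns (action, entry_index);
    index None means no entry matched and the implicit deny applied."""
    for i, (action, s, d) in enumerate(acl):
        if matches(src, *s) and matches(dst, *d):
            return action, i
    return "deny", None

ANY = ("0.0.0.0", "255.255.255.255")
LAN = ("192.168.1.0", "0.0.0.255")
CORP = ("10.100.1.0", "0.0.0.255")  # assumption: /24 stands in for the 1-253 range

DENY_ONLY = [("deny", LAN, CORP)]                  # list as first applied on BVI1 in
WITH_PERMIT = DENY_ONLY + [("permit", LAN, ANY)]   # list after the reply's change

# Constructed probe destinations, all sent from constructed client 192.168.1.10.
PROBES = {
    "local gateway": "192.168.1.254",
    "corporate host": "10.100.1.20",
    "internet host": "203.0.113.5",
}

def report(acl):
    return {name: evaluate(acl, "192.168.1.10", dst) for name, dst in PROBES.items()}

if __name__ == "__main__":
    for label, acl in (("deny only", DENY_ONLY), ("with permit", WITH_PERMIT)):
        print(label)
        for name, (action, idx) in report(acl).items():
            where = "implicit deny" if idx is None else f"entry {idx}"
            print(f"  {name:15s} {action:6s} ({where})")
```

With only the deny entry, the gateway and internet probes fall through to the implicit deny, which is the "all traffic is then blocked" symptom; with the permit appended, only the corporate destination is still dropped.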
