06-12-2012 10:12 PM - edited 03-04-2019 04:39 PM
hi all,
My requirment is to drop the Internet traffic once the Cisco HWIC 3G backup link will become active(attached) .Because I should allow only Business Critical Data allow through that and others should drop. Here are the config I used. In here I used a standard access list to generate intersting traffic which allow all the traffic traverse through the backup link.
Can I drop the packets to the proxy (192.168.1.100) using this access list and allow other traffic.
access-list 1 deny 192.168.1.100
access-list 1 permit any
dialer-list 1 protocol ip list 1
Is this the proper way I should follow ? Is there any other good method to achieve my requirement ?
Thanks
cellular 0/0/0 gsm profile create 1 *******
chat-script gsm "" "***** " TIMEOUT 30 "CONNECT"
interface FastEthernet0/1
ip address 172.1.1.1 255.255.255.0
int se 0/1/0
ip address 192.168.1.2 255.255.255.252
interface Cellular0/1/0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer idle-timeout 30 either
dialer string gsm
dialer-group 1
async mode interactive
ppp chap hostname *****
ppp chap password 7 ********
ppp ipcp dns request
ip route 0.0.0.0 0.0.0.0 serial 0/1/0 track 1
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 10
ip sla 1
icmp-echo 192.168.1.1
frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
access-list 1 permit any
dialer-list 1 protocol ip list 1
line 0/0/0
script dialer gsm
06-13-2012 12:06 AM
Hi Harsha,
Best way to do it is to make an extended access-list and allow the protocol/ports number, which are critical to you and drop all other traffic ( by default implicit deny as in access-list)...
HTH,
Smitesh
PS: Please rate helpful posts...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide