06-21-2012 08:32 AM - edited 03-04-2019 04:44 PM
I need to allow host A from the internet access to a 10.10.10.xx internal network but keep it from connecting to other internal networks.
Does this do the trick:
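interface eth0
 ! apply extended ACL 196 to traffic arriving on this interface
 ip access-group 196 in
! permit host A to reach 10.10.10.0/24 only; anything unmatched hits the implicit deny
access-list 196 permit ip host (host A ip address) 10.10.10.0 0.0.0.255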
06-21-2012 08:44 AM
Hi Joe,
You must have NAT in place because this address is not routable on the Internet. After that you will need to map the outside address to the inside address.
Best regards,
Alcides
06-21-2012 09:13 AM
Hi Alcides,
Host A IP address is an Internet routable address.
Joe
06-21-2012 09:36 AM
Joe
The point that Alcides is making is that if host A is on the Internet and wants to access your internal network, there needs to be address translation in place to make your internal network accessible from the Internet. Note that what is frequently done, translating internal addresses using the interface address with overload, works fine to allow inside hosts to get out and for response traffic to get back in. But it does not work for traffic originated from the Internet to inside networks. So you would need additional address translation.
Also I would point out that the access list that you suggest in your original post would allow that specific Internet host to access your network but it does not permit anything else. You should give some thought to what other traffic would need to be permitted in through this interface.
HTH
Rick
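An added example, not part of any post in this thread: a small Python model of how an extended ACL entry with a wildcard mask is matched first-hit and then falls through to the implicit deny, which is why the single permit line blocks both other internal networks and every other source. The host A address and the other addresses are constructed documentation-range values, and NAT is not modeled.

```python
import ipaddress

HOST_A = "203.0.113.10"  # constructed placeholder; the real host A address is not given
ACL_196 = [f"access-list 196 permit ip host {HOST_A} 10.10.10.0 0.0.0.255"]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse 'access-list N permit|deny ip <src> <dst>' into (action, src, dst).
    Each address spec becomes (base, wildcard); wildcard bits set to 1 are ignored."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    if tok[2] not in ("permit", "deny"):
        raise ValueError(f"unknown action: {tok[2]!r}")
    specs, i = [], 4
    while i < len(tok):
        if tok[i] == "any":
            specs.append((0, 0xFFFFFFFF)); i += 1
        elif tok[i] == "host":
            specs.append((_ip(tok[i + 1]), 0)); i += 2
        else:
            specs.append((_ip(tok[i]), _ip(tok[i + 1]))); i += 2
    if len(specs) != 2:
        raise ValueError(f"expected source and destination: {line!r}")
    return tok[2], specs[0], specs[1]

def matches(spec, addr):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF          # bits that must be equal
    return (_ip(addr) & care) == (base & care)

def evaluate(acl_lines, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if matches(s, src) and matches(d, dst):
            return action
    return "deny"                          # implicit 'deny ip any any' at the end

if __name__ == "__main__":
    for src, dst in [(HOST_A, "10.10.10.25"),          # host A to the allowed subnet
                     (HOST_A, "10.10.20.25"),          # host A to another inside net
                     ("198.51.100.7", "10.10.10.25")]: # any other Internet source
        print(f"{src:>15} -> {dst:<12} {evaluate(ACL_196, src, dst)}")
```

The third case is the one Rick raises: with only this entry, every packet from any source other than host A is dropped on that interface.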