Hello, I need insights on access-list configurations.
I have two subnets sitting on two separate VLANs as follows:
I need to permit access from a server (host IP address is 192.168.1.149) in subnet 192.168.1.145/29 to access the entire subnet 192.168.1.153/29 via port say 25... what subnet mask should I use for the destination address?
Here's what I entered:
access-list it_dept permit tcp host 192.168.1.149 192.168.1.153 0.0.0.7 eq 25
Please let me know if the above statement is correct and the correct subnet mask I should use.
You are making a mistake with the addressing.
In an ACL you must use the network address where you entered the first host address:
192.168.1.145/29 should be 192.168.1.144/29
192.168.1.153/29 should be 192.168.1.152/29
The ACL mask is correct: 0.0.0.7 (3 bits)
From your description, it seems like you want to access the server (.149) from the clients in .152 subnet. The access-list depends on where you apply it. If you apply it to the interface that is the default gateway for the server, then the access-list will look like below:
access-list it_dept permit tcp host 192.168.1.149 eq "Server Port" 192.168.1.152 0.0.0.7
If you apply it to the default gateway of the clients, then
access-list it_dept permit tcp 192.168.1.152 0.0.0.7 host 192.168.1.149 eq "Server port"
Hope this helps.
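The two replies above make two separate points: the address in an ACL entry must be the network address (host bits zeroed, so /29 gives a 0.0.0.7 wildcard), and which side of the entry carries "eq port" depends on whether the ACL sits at the server's gateway or the clients' gateway. The following Python is an added worked example, not code from either poster or from Cisco; it derives the network address and wildcard from a host/prefix string, parses the three ACL entries from this thread into a simple match structure, and checks them against constructed packets. It assumes TCP port 25 in place of the "Server Port" placeholder, and the packet tuples are made up for illustration.

```python
import ipaddress


def network_and_wildcard(host_with_prefix: str):
    """Return (network address, subnet mask, wildcard mask) for e.g. '192.168.1.145/29'.

    The ACL needs the network address with all host bits cleared, so
    192.168.1.145/29 resolves to 192.168.1.144/29 and the wildcard is 0.0.0.7.
    """
    net = ipaddress.ip_interface(host_with_prefix).network
    return str(net.network_address), str(net.netmask), str(net.hostmask)


def wildcard_match(addr: str, net: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (n & ~w)


def parse_ace(text: str) -> dict:
    """Parse an extended entry of the form used in this thread:
    [access-list NAME] permit tcp <src> [eq P] <dst> [eq P]
    where <src>/<dst> is 'host A', 'any', or 'NET WILDCARD'.
    """
    toks = text.split()
    if toks[0] == "access-list":      # drop the 'access-list NAME' prefix
        toks = toks[2:]
    action, proto = toks[0], toks[1]
    pos = 2

    def addr_spec():
        nonlocal pos
        if toks[pos] == "host":
            spec = (toks[pos + 1], "0.0.0.0")
            pos += 2
        elif toks[pos] == "any":
            spec = ("0.0.0.0", "255.255.255.255")
            pos += 1
        else:
            spec = (toks[pos], toks[pos + 1])
            pos += 2
        return spec

    def port_spec():
        nonlocal pos
        if pos < len(toks) and toks[pos] == "eq":
            port = int(toks[pos + 1])
            pos += 2
            return port
        return None                    # no 'eq' means any port

    src, sport = addr_spec(), port_spec()
    dst, dport = addr_spec(), port_spec()
    return {"action": action, "proto": proto,
            "src": src, "sport": sport, "dst": dst, "dport": dport}


def ace_matches(ace: dict, src: str, sport: int, dst: str, dport: int) -> bool:
    """True if a TCP packet (src:sport -> dst:dport) hits this entry."""
    return (wildcard_match(src, *ace["src"])
            and (ace["sport"] is None or ace["sport"] == sport)
            and wildcard_match(dst, *ace["dst"])
            and (ace["dport"] is None or ace["dport"] == dport))


# The three entries from the thread, with the corrected network address and port 25 assumed.
OP_ACE = parse_ace("access-list it_dept permit tcp host 192.168.1.149 192.168.1.152 0.0.0.7 eq 25")
SERVER_GW_ACE = parse_ace("access-list it_dept permit tcp host 192.168.1.149 eq 25 192.168.1.152 0.0.0.7")
CLIENT_GW_ACE = parse_ace("access-list it_dept permit tcp 192.168.1.152 0.0.0.7 host 192.168.1.149 eq 25")

if __name__ == "__main__":
    print(network_and_wildcard("192.168.1.145/29"))   # ('192.168.1.144', '255.255.255.248', '0.0.0.7')
    print(network_and_wildcard("192.168.1.153/29"))   # ('192.168.1.152', '255.255.255.248', '0.0.0.7')
    # Constructed packets: a client .154 in the .152/29 subnet talking to the server .149 on port 25.
    print(ace_matches(CLIENT_GW_ACE, "192.168.1.154", 50000, "192.168.1.149", 25))   # request, True
    print(ace_matches(SERVER_GW_ACE, "192.168.1.149", 25, "192.168.1.154", 50000))   # reply, True
    print(ace_matches(OP_ACE, "192.168.1.149", 40000, "192.168.1.161", 25))          # .160/29, False
```

The wildcard check also shows why the first reply's correction matters: 192.168.1.153 with wildcard 0.0.0.7 only covers .152 through .159 because the mask discards the low three bits, so writing the network address .152 makes the entry say what it actually matches.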