access list question

Hello, would this sequence of access list commands:

access-group 1 permit tcp any host 10.0.0.2 eq 80

access-group 1 deny ip any host 10.0.0.2

access-list 1 permit ip any any

achieve the following:

Allow http access from any host to 10.0.0.2 (external web server)

Deny all other access to 10.0.0.2 (external web server)

Allow all other access to the internal network ?

Thank you for any help.

Accepted Solutions

Yes it would

Line 1 allows web access to 10.0.0.2

Line 2 denies all other traffic to 10.0.0.2

Line 3 permits everything else

HTH,

John

HTH, John *** Please rate all useful posts ***
2 REPLIES

Um...it's late and I need to make a couple of corrections for you.

In order for the first line to permit a port, you need an extended access list, so your number needs to be between 100 - 199 or a named ACL. The access-group command actually applies the access-list to the interface, so the original answer that I gave you was incorrect. Use the following to truly do what you're wanting to do. (You have to use extended ACLs to specify the protocol.)

access-list 100 permit tcp any host 10.0.0.2 eq 80

access-list 100 deny ip any host 10.0.0.2

access-list 100 permit ip any any

To apply it:

int fa0/1

ip access-group 100 in

HTH,

John

HTH, John *** Please rate all useful posts ***
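
The first-match behaviour of the corrected access-list 100 above, as an added example that is not part of the original thread: a small Python evaluator that parses the three lines and reports which line decides each packet. The function names and the source address 198.51.100.7 are constructed for illustration, and only the syntax used on this page is supported.

```python
# Added example: first-match evaluation of the extended ACL from the reply.
# Handles only the syntax used on this page: "any", "host <ip>", optional "eq <port>".
ACL_100 = """\
access-list 100 permit tcp any host 10.0.0.2 eq 80
access-list 100 deny ip any host 10.0.0.2
access-list 100 permit ip any any
"""

def _addr(tokens):
    """Consume 'any' or 'host <ip>'; None stands for any address."""
    kind = tokens.pop(0)
    if kind == "any":
        return None
    if kind == "host":
        return tokens.pop(0)
    raise ValueError(f"unsupported address spec: {kind}")

def parse(text):
    """Turn access-list lines into (action, proto, src, dst, dport) tuples."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        t = line.split()
        if t[0] != "access-list" or t[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported line: {line}")
        rest = t[4:]
        src, dst = _addr(rest), _addr(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((t[2], t[3], src, dst, dport))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return (action, matching line number); the first matching line wins."""
    for n, (action, r_proto, r_src, r_dst, r_dport) in enumerate(rules, 1):
        if r_proto not in ("ip", proto):      # "ip" covers every IP protocol
            continue
        if r_src not in (None, src) or r_dst not in (None, dst):
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return action, n
    return "deny", None                       # implicit deny at the end of every ACL

if __name__ == "__main__":
    rules = parse(ACL_100)
    src = "198.51.100.7"                      # constructed outside client
    for pkt in [("tcp", src, "10.0.0.2", 80), ("tcp", src, "10.0.0.2", 22),
                ("icmp", src, "10.0.0.2", None), ("udp", src, "10.0.0.5", 53)]:
        print(pkt, "->", evaluate(rules, *pkt))
```

Swapping the first two lines makes the deny match HTTP as well, which is why the specific permit has to come first.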