Hello, would this sequence of access list commands:
access-group 1 permit tcp any host 10.0.0.2 eq 80
access-group 1 deny ip any host 10.0.0.2
access-list 1 permit ip any any
achieve the following:
Allow http access from any host to 10.0.0.2 (external web server)
Deny all other access to 10.0.0.2 (external web server)
Allow all other access to the internal network?
Thank you for any help.
Um...it's late and I need to make a couple of corrections for you.
In order for the first line to permit a port, you need an extended access list, so your number needs to be between 100 and 199, or a named ACL. The access-group command actually applies the access-list to the interface, so the original answer that I gave you was incorrect. Use the following to truly do what you're wanting to do. (You have to use extended ACLs to specify the protocol.)
access-list 100 permit tcp any host 10.0.0.2 eq 80
access-list 100 deny ip any host 10.0.0.2
access-list 100 permit ip any any
To apply it:
ip access-group 100 in
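
An added example, not part of the original posts: a small Python model of top-down, first-match evaluation for the three-line ACL in the answer, used to check it against the three goals in the question. It parses only the `any` / `host` / `eq` forms that appear on this page; the client address 198.51.100.7 and the second internal host 10.0.0.3 are constructed sample values.

```python
import ipaddress

# The extended ACL from the answer above, verbatim.
ACL_100 = """\
access-list 100 permit tcp any host 10.0.0.2 eq 80
access-list 100 deny ip any host 10.0.0.2
access-list 100 permit ip any any
"""

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the token list; return a network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("only 'any' and 'host' are modelled: " + word)

def parse_acl(text):
    """Parse the subset of numbered extended-ACL syntax used on this page."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or not 100 <= int(tokens[1]) <= 199:
            raise ValueError("not an extended (100-199) access-list line: " + line)
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule wins; a non-empty ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if s in r_src and d in r_dst and (r_port is None or r_port == dport):
            return action
    return "deny"

def question_goals(rules, client="198.51.100.7"):  # constructed client address
    """Evaluate one sample packet for each of the three goals in the question."""
    return {
        "http to web server": evaluate(rules, "tcp", client, "10.0.0.2", 80),
        "ssh to web server": evaluate(rules, "tcp", client, "10.0.0.2", 22),
        "ssh to other host": evaluate(rules, "tcp", client, "10.0.0.3", 22),
    }
```

Swapping the first two rules makes the `deny ip any host 10.0.0.2` line match first, so port 80 to the web server is dropped as well; the order in the answer is what makes the permit effective.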