Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
667
Views
0
Helpful
5
Replies

ACL issue - NAT?

Go to solution
kbullard00
Level 1
Level 1

‎11-12-2010 05:02 PM - edited ‎03-06-2019 02:01 PM

Hello

I am trying to setup an access list that blocks Sales from accessing the Accounting server but still allows Accounting to access it.

I have NAT overload running to spicen things up a bit.

First I set up the ACL and applied it to the outgoing interface to Accounting server but that blocked both Sales and Accounting. I suspect it's a NAT issue.

So then I applied the ACL to the inbound interface on the Sales subnet.

Accounting can access the Accounting server now but Sales can't access anything and nothing can access Sales.

Any help would be appreciated.

Labels:
75180-acl-issue.txt.zip
48 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎11-15-2010 08:41 AM

Okay, still not 100% clear but it looks like -

sales is on the fa0/1 interface

accounting server is on the fa0/0 interface

so lets say sales subnet = 192.168.5.0/24

accounting server - 192.168.10.2

access-list 101 deny ip 192.168.5.0 0.0.0.255 host 192.168.10.2

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

int fa0/1

access-group 101 in

Jon

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎11-12-2010 05:32 PM 

kbullard00 wrote:
Hello
I am trying to setup an access list that blocks Sales from accessing the Accounting server but still allows Accounting to access it.
I have NAT overload running to spicen things up a bit.
First I set up the ACL and applied it to the outgoing interface to Accounting server but that blocked both Sales and Accounting. I suspect it's a NAT issue.
So then I applied the ACL to the inbound interface on the Sales subnet.
Accounting can access the Accounting server now but Sales can't access anything and nothing can access Sales.
Any help would be appreciated.

Your diagram is not showing fully and its not clear from your config which is accounting, which is sales etc. so it's a bit hard to help.

Which subnet is sales.

Which subnet is the accounting server in.

Which subnet are the accounting users in.

Are all these subnets connected to the same router ?

Jon

0 Helpful

Go to solution
kbullard00
Level 1
Level 1
In response to Jon Marshall

‎11-15-2010 08:34 AM

ooops sorry about that. I added interface IDs.

59 KB
0 Helpful

Go to solution
jared1995
Level 1
Level 1
In response to kbullard00

‎11-15-2010 08:51 AM

For efficiency you want to block access/traffic closest to the source.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎11-15-2010 08:41 AM

Okay, still not 100% clear but it looks like -

sales is on the fa0/1 interface

accounting server is on the fa0/0 interface

so lets say sales subnet = 192.168.5.0/24

accounting server - 192.168.10.2

access-list 101 deny ip 192.168.5.0 0.0.0.255 host 192.168.10.2

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

int fa0/1

access-group 101 in

Jon

0 Helpful

Go to solution
kbullard00
Level 1
Level 1
In response to Jon Marshall

‎11-15-2010 10:12 AM

That works thanks a bunch

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card