
ACL query

cfcorp2016
Level 1

Hi,

I'm trying to set up an ACL to allow only one network access to an HTTP server in the internal network on port 80; so far I've not been able to do this.

I'm not sure whether I should filter in or out, as whenever I apply either I cannot get access to the HTTP server. The HTTP server has an IP address of 10.6.10.4 and the network I want to permit access to it is 10.6.20.0 on port 80. I've tried going through a number of ACL examples but I can't get it to work.

I also want to block the network 10.6.21.0 accessing the HTTP server.

Any help would be greatly appreciated.

Thanks


Paul Chapman
Level 4

Hi -

Post the work you have done so far.

PSC

Joseph W. Doherty
Hall of Fame

You could place an ACL for in or out or both. What's important is that the ACL source and destination fields match the packet, which will vary based on whether the traffic is flowing to or from the server.

For example, on the interface "facing" or "hosting" the HTTP server (also assuming your two networks are /24s):

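ip access-list extended sampleOut
 ! IOS ACLs take a wildcard mask; 0.0.0.255 matches the /24
 permit tcp 10.6.20.0 0.0.0.255 host 10.6.10.4 eq www
 ! everything else addressed to the server is dropped
 deny ip any host 10.6.10.4
 ! traffic to other destinations passes
 permit ip any any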
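
The first-match logic of the ACL above, as an added example that is not part of the original thread: a small Python evaluator that reports which entry a packet hits, including the server's reply, whose source and destination are reversed. The helper names `parse` and `evaluate` and the packet addresses are constructed for illustration.

```python
import ipaddress

# The ACL from the reply above; 0.0.0.255 is the IOS wildcard mask for a /24.
ACL_TEXT = """\
permit tcp 10.6.20.0 0.0.0.255 host 10.6.10.4 eq www
deny ip any host 10.6.10.4
permit ip any any
"""
PORTS = {"www": 80}  # the only named port this ACL uses


def _addr(tokens):  # consume one address spec -> (base, wildcard) as ints
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse(text):
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        action, proto = t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)
        port = (PORTS.get(t[1]) or int(t[1])) if t[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries


def _match(ip, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)


def evaluate(entries, proto, src, dst, dport):
    """First matching entry wins; a packet matching nothing is implicitly denied."""
    for n, (action, p, s, d, port) in enumerate(entries, 1):
        if p in ("ip", proto) and _match(src, s) and _match(dst, d) and port in (None, dport):
            return action, n
    return "deny", None


ACL = parse(ACL_TEXT)
# Constructed packets: client -> server on port 80, then the server's reply.
print(evaluate(ACL, "tcp", "10.6.20.7", "10.6.10.4", 80))
print(evaluate(ACL, "tcp", "10.6.10.4", "10.6.20.7", 51000))
```

Writing the first entry with 255.255.255.0 in place of 0.0.0.255 makes it match only source addresses whose last octet is 0, so a host such as 10.6.20.7 falls through to the deny entry.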