
bypassing the router and connecting to another lan

OneCiscoGuy
Level 1

I have a 2600 router, and the config is:

- ether0 = 192.168.1.1

- ether1 = 192.168.2.1

These are two separate networks.

What I would like to do is configure an access-list that will let the clients in the 192.168.2.0 network access only one server in the 192.168.1.0 network (the server will be 192.168.1.8, a proxy server), and then no access to other clients in this 192.168.1 network.

Help please....


Amit Singh
Cisco Employee

This should be like this.

access-list 101 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.8

access-list 101 deny ip any any

There is an explicit deny at the end of the access-list, so you are good even if you don't configure the second ACE.

Then attach it to the Ether1 interface using the command:

Int ether1

ip access-group 101 in

You can change the ACL a bit if you want to attach it to the Eth0 interface. Typically we attach the ACL as close as possible to the source interface of the traffic.

HTH,

-amit singh
