Extended ACL to allow only specific Source IP to specific Destination IP

Shahzad Ayub
Level 1
Hello, we have a Polycom video conference unit and we want to allow only a specific source IP to access a specific destination IP, which is our end. Both the source and destination are public IPs. I applied an extended ACL with a permit command only, but this also blocks all incoming traffic when I apply the ACL to our incoming interface. My goal is to specify only one source to one destination so that no one other than the allowed host can access our destination IP, and to leave all other traffic as it is. Thanks, Shahzad

John Blakley
VIP Alumni

I'm not sure where you're applying this, so I'm going to make the assumption that you're applying it in the correct direction and on the correct device, since you said it blocked everything else. There is an implicit deny at the end of your ACL whether you specify a deny line or not. Let's say that the address you want to allow access from is 1.1.1.1 and your video conference equipment is 2.2.2.2. In order to allow only that address to communicate, but not block everything else, you would need to do something like:

access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
access-list 100 deny ip any host 2.2.2.2
access-list 100 permit ip any any

The above would allow only the one address to 2.2.2.2, but it would deny everyone else to that host. Then all other traffic would be allowed.

HTH,

John

HTH, John *** Please rate all useful posts ***
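As an added illustration (not code from John's post or from any Cisco tool), the following Python simulates first-match IOS ACL evaluation with the implicit deny, and runs both the single permit line the question describes and John's three-line ACL over a few constructed source/destination pairs. It also handles the "address wildcard" form, which the thread itself does not use; the sample flows are assumptions.

```python
import ipaddress

def parse_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A.B.C.D', or 'A.B.C.D WILDCARD'."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # IOS wildcard: set bits are "don't care", so the netmask is its bitwise inverse
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    netmask = str(ipaddress.ip_address(0xFFFFFFFF ^ wildcard))
    return ipaddress.ip_network((t, netmask), strict=False)

def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC DST' lines into (action, src, dst) entries."""
    entries = []
    for line in lines:
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError("unsupported entry: " + line)
        action, rest = tokens[2], tokens[4:]
        entries.append((action, parse_addr(rest), parse_addr(rest)))  # src first, then dst
    return entries

def evaluate(acl, src_ip, dst_ip):
    """First matching entry wins; a packet that matches nothing hits the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # the implicit deny at the end of every IOS ACL

# The single permit line the question describes, and John's three-line ACL.
SINGLE_PERMIT = parse_acl(["access-list 100 permit ip host 1.1.1.1 host 2.2.2.2"])
FULL_ACL = parse_acl([
    "access-list 100 permit ip host 1.1.1.1 host 2.2.2.2",
    "access-list 100 deny ip any host 2.2.2.2",
    "access-list 100 permit ip any any",
])

# Constructed sample flows: the allowed peer, a stranger to the conference unit,
# and unrelated traffic to some other host (4.4.4.4 is an assumed address).
SAMPLE_FLOWS = [("1.1.1.1", "2.2.2.2"), ("3.3.3.3", "2.2.2.2"), ("3.3.3.3", "4.4.4.4")]

def compare(flows=SAMPLE_FLOWS):
    """Return {flow: (result under the single permit, result under the full ACL)}."""
    return {f: (evaluate(SINGLE_PERMIT, *f), evaluate(FULL_ACL, *f)) for f in flows}
```

The third flow is the one that shows the difference: with only the permit line it falls through to the implicit deny, while the three-line ACL lets it through.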

Hi John,

Thank you for your reply.

What I understand from your ACL is that only host 1.1.1.1 can access 2.2.2.2 and nobody else can access 2.2.2.2. Also, the rest of the traffic coming to the router is allowed for any other destination.

Am I right?

Shahzad

Shahzad,

You got it :)

John

Yep, I was looking for this. Thank you.

Shahzad Ayub