Using ACL to allow traffic between two specific hosts on different subnets

mplows1969
Level 1

Hello,

I am having a problem allowing traffic between two mail servers on our subnets.

Our main mail server mailA.company1.local has an IP of 192.168.15.5, our second mail server mailB.company2.local has an IP of 192.168.16.5. We have an 891 series router to manage traffic between the two subnets and ACLs are in place to allow/deny traffic.

I have added the following lines to the ACLs:

...

ip access-list extended Company1

permit ip 192.168.15.5 192.168.16.5

...

ip access-list extended Company2

permit ip 192.168.16.5 192.168.15.5

I want to limit the access between the networks as much as possible and was hoping that by specifying the source and destination IPs I could avoid using the permit ip any...

Any suggestions as to what I am doing wrong on this? Thanks for any help.

2 Replies

John Blakley
VIP Alumni

Where are you applying these?

The acl should be:

ip access-list ext Company1

permit ip host 192.168.15.5 host 192.168.16.5

ip access-list ext Company2

permit ip host 192.168.16.5 host 192.168.15.5

But, you need to apply them somewhere.

HTH,

John


Dear Mark,

The access list made by John is perfect for this scenario, but he said you should apply it somewhere.

But you should take precautions before applying this, as we don't have any idea about your network topology, so place it so that it won't deny any other potential traffic.

Thanks.

Amit

*********Please rate helpful posts***********    
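
Added example, not part of the original thread: the entry as first posted, the corrected lists from the reply, and one way to bind and check them. The interface names Vlan15 and Vlan16, the inbound direction, the sequence number 5 and the SMTP-only variant are assumptions, since the thread does not describe the topology.

```cisco
! Constructed example. Interface names Vlan15 / Vlan16 are assumptions;
! the thread does not say where the ACLs are applied.

! As first posted: without "host", IOS expects a wildcard mask after
! each address, so this line does not describe two single hosts.
! ip access-list extended Company1
!  permit ip 192.168.15.5 192.168.16.5

! As corrected in the reply. "host A" is shorthand for "A 0.0.0.0".
ip access-list extended Company1
 permit ip host 192.168.15.5 host 192.168.16.5
ip access-list extended Company2
 permit ip host 192.168.16.5 host 192.168.15.5

! An ACL filters nothing until it is bound to an interface and direction.
! Each list's source address is in its own subnet, so it is applied
! inbound on that subnet's LAN interface (assumed placement).
interface Vlan15
 ip access-group Company1 in
interface Vlan16
 ip access-group Company2 in

! Entries are matched top-down and every ACL ends in an implicit deny,
! so a permit appended below an existing matching deny never fires.
! Check placement, sequence numbers and hit counts with:
!   show ip access-lists Company1
!   show ip interface Vlan15 | include access list
! If needed, insert above the deny using a lower sequence number
! (5 is a constructed value):
!   ip access-list extended Company1
!    5 permit ip host 192.168.15.5 host 192.168.16.5

! Optional tightening to SMTP only, assuming mail is the only traffic
! required. In Company1 (mirror the addresses for Company2):
!   permit tcp host 192.168.15.5 host 192.168.16.5 eq smtp
!   permit tcp host 192.168.15.5 eq smtp host 192.168.16.5 established
```

A hit counter that stays at zero in `show ip access-lists` while mail is being sent means the traffic is matching an earlier entry or the list is bound to the wrong interface or direction.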
