My apologies in advance if this has already been answered.
I have to limit a particular site from reaching other sites via our WAN cloud. I believe the easiest is to "white list" the nets that are allowed and let the implicit deny all take care of the rest. So my question is this:
stack of 3750G (3) with a WAN VLAN configured
If I apply the following ACL to the VLAN interface (VLAN 10) I should only allow access to the listed networks from the other networks behind the 3750, correct?
ip access-list extended COMP1_TO_COMP2
 remark WAN Router and BGP Peer
 permit ip host 192.168.67.22 host 192.168.67.10
 remark Optimizer
 permit ip any host 192.168.67.20
 remark net_1
 permit ip any 10.1.0.0 0.0.255.255
 remark net_2
 permit ip any 10.10.0.0 0.0.255.255
 remark net_3
 permit ip any 10.40.0.0 0.0.255.255
ip access-list extended COMP2_TO_COMP1
 remark WAN Router and BGP Peer
 permit ip host 192.168.67.10 host 192.168.67.22
What I am trying to accomplish is to restrict all users at this site to only be able to access certain subnets at other sites, and to restrict certain sites from accessing this site. It's a legal thing... So the rest of this config would look like:
ip addr 192.168.67.22
ip addr 10.70.0.1/23
ip addr 10.70.30.1/23
There are no users in VLAN 10 on the WAN router, Optimizer, and the Core. So based on your response I should apply the COMP2_TO_COMP1 ACL on the user subnets as INBOUND and COMP1_TO_COMP2 as OUTBOUND on VLAN 10...
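An added example, not from the original post, that simulates IOS first-match ACL evaluation (host/any, wildcard masks, and the trailing implicit deny) over the two ACLs above, so the expected permit/deny outcome for sample flows can be checked before the lists are applied to the SVI. It assumes only plain `permit ip`/`deny ip` entries without port matches; the sample source addresses are constructed.

```python
import ipaddress

# The poster's ACLs, reproduced as the input to the simulator.
CONFIG = """
ip access-list extended COMP1_TO_COMP2
 remark WAN Router and BGP Peer
 permit ip host 192.168.67.22 host 192.168.67.10
 remark Optimizer
 permit ip any host 192.168.67.20
 permit ip any 10.1.0.0 0.0.255.255
 permit ip any 10.10.0.0 0.0.255.255
 permit ip any 10.40.0.0 0.0.255.255
ip access-list extended COMP2_TO_COMP1
 permit ip host 192.168.67.10 host 192.168.67.22
"""

def _parse_target(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    t = tokens.pop(0)
    if t == "any":
        return (0, 0xFFFFFFFF)              # every bit is don't-care
    if t == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tokens.pop(0))))

def parse_acls(text):
    """Return {acl_name: [(action, proto, src_spec, dst_spec), ...]}."""
    acls, current = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[:2] == ["ip", "access-list"]:
            current = tokens[3]
            acls[current] = []
        elif tokens[0] != "remark" and current is not None:
            action, proto, rest = tokens[0], tokens[1], tokens[2:]
            acls[current].append((action, proto, _parse_target(rest), _parse_target(rest)))
    return acls

def _matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are ignored, exactly as IOS compares them.
    return (int(ipaddress.IPv4Address(addr)) | wildcard) == (base | wildcard)

def evaluate(aces, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, _proto, s, d in aces:
        if _matches(src, s) and _matches(dst, d):
            return action
    return "deny"
```

Running the user subnet 10.70.0.0/23 against COMP1_TO_COMP2 shows that 10.1.x.x, 10.10.x.x and 10.40.x.x are reachable while any other destination, including a different 10.x site, hits the implicit deny.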