Access List Help

whitelabcoat
Level 1

I'm working with ip access-list extended.

I am building a new tunnel between my Cisco router and a 3rd party. They provided me a single public IP in the form: 1.1.1.1/32. With /32 on a single IP.

If I add these as: "permit ip 1.1.1.1 255.255.255.255 " is this not the same as "any"?

Doing "permit ip 1.1.1.1 [my private subnet][wildcardmask]" errors.

I want to only allow that single IP to my private subnet through the extended access-list.

Please help.

1 Reply

Hi there

1- ip access-list extended YOUR_ACL

     deny ip 1.1.1.1 0.0.0.0 15.15.15.0 0.0.0.255

     permit ip host 1.1.1.1 any

So, this denies the traffic from 1.1.1.1/32 to 15.15.15.0/24 and then allows any traffic from the host 1.1.1.1/32 to any.

Two different ways to define the host "1.1.1.1" in the ACL.

Further information:

Configuring IP Access Lists

HTH.
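
The wildcard-mask question and the two-entry ACL from this thread, modelled in Python as an added example (not code from either poster). A wildcard bit of 1 means "ignore this bit", so `1.1.1.1 255.255.255.255` matches every address, while `1.1.1.1 0.0.0.0` is the same as `host 1.1.1.1`. The function names are hypothetical, and `ASKED_ACL` is a constructed entry that assumes the reply's stand-in subnet 15.15.15.0/24 is the private subnet.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_for(cidr):
    """Wildcard (inverse) mask for a CIDR prefix, e.g. /32 -> 0.0.0.0."""
    return str(ipaddress.ip_network(cidr, strict=False).hostmask)

def spec_matches(base, wildcard, addr):
    """Wildcard bit 1 = ignore this bit, wildcard bit 0 = bit must match."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(base) & care) == (to_int(addr) & care)

def evaluate(acl, src, dst):
    """First matching entry wins; the ACL ends with an implicit deny."""
    for action, (s_base, s_wild), (d_base, d_wild) in acl:
        if spec_matches(s_base, s_wild, src) and spec_matches(d_base, d_wild, dst):
            return action
    return "deny"

HOST = ("1.1.1.1", "0.0.0.0")              # equivalent to "host 1.1.1.1"
ANY = ("0.0.0.0", "255.255.255.255")       # equivalent to "any"
SUBNET = ("15.15.15.0", wildcard_for("15.15.15.0/24"))  # 0.0.0.255

# The two entries posted in the reply, in order.
REPLY_ACL = [
    ("deny", HOST, SUBNET),
    ("permit", HOST, ANY),
]

# Constructed: a single entry permitting only the peer to the assumed subnet.
# In IOS syntax: permit ip host 1.1.1.1 15.15.15.0 0.0.0.255
ASKED_ACL = [("permit", HOST, SUBNET)]

if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    samples = [("1.1.1.1", "15.15.15.20"), ("1.1.1.1", "8.8.8.8"),
               ("2.2.2.2", "15.15.15.20")]
    for src, dst in samples:
        print(f"{src} -> {dst}: reply ACL {evaluate(REPLY_ACL, src, dst)}, "
              f"single permit {evaluate(ASKED_ACL, src, dst)}")
    # The mask from the question ignores every bit, so it matches any source.
    print(spec_matches("1.1.1.1", "255.255.255.255", "203.0.113.9"))
```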