I need help with an access list on my Cisco 2621, and here's a scenario that I'd
like to pass on to you guys for some advice.
I'd like to deny access to all traffic, whether it's TCP or UDP, coming from
interface 1's network to interface 2 network but allow all access to
interface 2 network to access interface 1 network.
Can I do this?
--
Regards,
Jason
"GM" <George....@Home.com> wrote in message
news:rsEM6.132400$_f3.1...@news20.bellglobal.com...
The problem you'll run into is hosts on interface 2 will only be able to
access network 1 when they are using UDP apps. If you don't allow TCP ACKs
to flow from int 1 to int 2, the connection will always time out.
"GM" <George....@Home.com> wrote in message
news:rsEM6.132400$_f3.1...@news20.bellglobal.com...
On Wed, 16 May 2001 23:56:07 GMT, "GM" <George....@Home.com>
wrote:
>I'd like to deny access to all traffic whether it's tcp or udp coming from
>interface 1's network to interface 2 network but allow all access to
>interface 2 network
>to access interface 1 network.
>
>
>Can I do this?
Sure. Have you established an access-list
which is giving you trouble or are you
just starting to develop one?
In either case, just remember the general rule
for access lists is
"ONE (1) protocol PER port PER direction"
mf
GM <George....@Home.com> wrote in message
news:rsEM6.132400$_f3.1...@news20.bellglobal.com...
int s0
ip access-group 101 in
You could also apply the list to 1's s0 out interface, specifying denial to
2's network, so that way the traffic would not have to travel across the
network; you would have better performance bandwidth that way.
That way all traffic from network 1 is blocked but everything else is
allowed through.
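
Added example (not part of any post in this thread): a small Python model of a stateless, first-match access list, showing why the return traffic raised in the first reply is dropped by a plain deny and how an entry that matches only TCP segments with ACK or RST set (the IOS `established` keyword) lets it through. The network addresses and the contents of list 101 are assumptions; the thread does not show them.

```python
# Stateless first-match ACL model (added example, not IOS itself).
# Constructed placeholders: net 1 = 10.1.1.0/24, net 2 = 10.2.2.0/24.
# The list is evaluated on packets arriving FROM net 1, as with
# "ip access-group 101 in" on net 1's interface.
from ipaddress import ip_address, ip_network

NET1 = ip_network("10.1.1.0/24")
NET2 = ip_network("10.2.2.0/24")
ANY = ip_network("0.0.0.0/0")

# Entry: (action, protocol, source net, destination net, established-only)
# IOS form of the plain list (assumed contents of list 101):
#   access-list 101 deny   ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
#   access-list 101 permit ip any any
ACL_DENY_ALL = [
    ("deny", "ip", NET1, NET2, False),
    ("permit", "ip", ANY, ANY, False),
]
# Same list with one line placed first:
#   access-list 101 permit tcp 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 established
ACL_ESTABLISHED = [("permit", "tcp", NET1, NET2, True)] + ACL_DENY_ALL


def evaluate(acl, proto, src, dst, flags=frozenset()):
    """Return 'permit' or 'deny' for one packet; the first matching entry wins."""
    for action, acl_proto, src_net, dst_net, established in acl:
        if acl_proto not in ("ip", proto):
            continue
        if ip_address(src) not in src_net or ip_address(dst) not in dst_net:
            continue
        # "established" is a flag test (ACK or RST set), not connection tracking.
        if established and not (flags & {"ACK", "RST"}):
            continue
        return action
    return "deny"  # implicit deny that ends every access list


def reply_to_net2_client_passes(acl):
    """A net 2 host opened a TCP session to 10.1.1.10; does the SYN/ACK get back?"""
    flags = frozenset({"SYN", "ACK"})
    return evaluate(acl, "tcp", "10.1.1.10", "10.2.2.20", flags) == "permit"


if __name__ == "__main__":
    print("plain deny, SYN/ACK reply passes:", reply_to_net2_client_passes(ACL_DENY_ALL))
    print("with established, reply passes:  ", reply_to_net2_client_passes(ACL_ESTABLISHED))
    print("new SYN from net 1:", evaluate(ACL_ESTABLISHED, "tcp", "10.1.1.10", "10.2.2.20", frozenset({"SYN"})))
```

Because `established` only inspects TCP flags, UDP packets from net 1 to net 2 (including replies to net 2 clients) still hit the deny line; stateful handling of those needs reflexive access lists or a firewall feature set rather than a flag match.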