Hello all,

I understood that ACLs on interfaces were for transiting traffic and the ACL on the line was for traffic to the router?
I ask because I could not access the router until I added my home IP to ACL 101 (the inbound). Is this because the external interface fe0 has inbound rules applied? For example, fe1 is to our network of servers. I apply ingress rules on fe0, which is the SP link; is this why I was denied? Should I invert all this, have no rules on fe0 and apply the network ingress as an outbound rule on fe1 instead? Which is considered best practice? Or is this correct but I somehow blocked myself at the line ACL?

Conf data relevant to the post, all IPs are changed to protect the guilty :->

access-list 1 permit 1.1.1.0 0.0.1.255
line vty 0 4
 access-class 1 in

access-list 101 permit ip host 1.2.3.4 any
access-list 101 permit ip host 15.6.7.8 any
access-list 101 deny tcp any any eq 22
access-list 101 deny tcp any any eq telnet
access-list 101 deny tcp any any eq sunrpc
access-list 101 deny udp any any eq sunrpc
access-list 101 deny tcp any any range 135 139
access-list 101 deny udp any any range 135 netbios-ss
access-list 101 deny tcp any any eq 445
access-list 101 deny udp any any eq tftp
access-list 101 deny tcp any any eq 873
access-list 101 deny tcp any any eq 2049
access-list 101 deny tcp any any eq 3306
access-list 101 permit ip any any
interface FastEthernet0
 ip access-group 101 in

Thank you
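An added example, not part of the original post: a small Python model of first-match ACL evaluation over the rules as posted, showing that an SSH connection arriving on FastEthernet0 meets `ip access-group 101 in` before the vty `access-class 1 in` ever sees it. The function names and the test source addresses are constructed for illustration, and the rule addresses are the post's anonymized values, so results reflect only the values as written.

```python
import ipaddress
PORTS = {"telnet": 23, "sunrpc": 111, "tftp": 69, "netbios-ss": 139}  # IOS keywords
# Rules copied from the post; addresses are its anonymized values.
ACL_1 = ["permit 1.1.1.0 0.0.1.255"]
ACL_101 = """\
permit ip host 1.2.3.4 any
permit ip host 15.6.7.8 any
deny tcp any any eq 22
deny tcp any any eq telnet
deny tcp any any eq sunrpc
deny udp any any eq sunrpc
deny tcp any any range 135 139
deny udp any any range 135 netbios-ss
deny tcp any any eq 445
deny udp any any eq tftp
deny tcp any any eq 873
deny tcp any any eq 2049
deny tcp any any eq 3306
permit ip any any
""".splitlines()

def ip(a):
    return int(ipaddress.IPv4Address(a))

def std_acl(rules, src):
    for rule in rules:
        action, base, wild = rule.split()
        if (ip(src) | ip(wild)) == (ip(base) | ip(wild)):  # wildcard 1-bits: don't care
            return action
    return "deny"  # implicit deny at the end of every ACL

def ext_acl(rules, src, proto, dport):
    for rule in rules:
        t = rule.split()
        if t[1] not in ("ip", proto) or (t[2] == "host" and t[3] != src):
            continue
        rest = t[5:] if t[2] == "host" else t[4:]  # [] / eq P / range LO HI
        ports = [PORTS.get(p) or int(p) for p in rest[1:]]
        if ports and not ports[0] <= dport <= ports[-1]:
            continue
        return t[0]  # first matching rule decides
    return "deny"

def ssh_to_router(src, acl101=ACL_101):
    if ext_acl(acl101, src, "tcp", 22) == "deny":  # inbound access-group runs first
        return "dropped by ACL 101 on FastEthernet0"
    if std_acl(ACL_1, src) == "deny":  # only then the vty access-class
        return "refused by access-class 1 on vty"
    return "login prompt"
```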