Extended ACLs place the source address first, so that line should read:

access-list 101 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
access-list 101 permit ip any any

Even this won't have the entire desired effect.  This may prevent the setup
of TCP connections, but UDP traffic from the 192.168 network could travel
freely to the 10 network.  Because the nature of IP is send/reply, it's
difficult to implement an access list that has the desired effect without
breaking something else.  In this case, it's difficult to limit access to 10
without breaking 10's access to 192.168.

Hmm....perhaps this might be an opportune time to find a place for that
"established" ACL keyword.  :-)

Still pondering,
John Neiberger

>  Why don't you just use one access list on the 192.168.x.x network router to
>  deny it from seeing any traffic from the 10 network?
>  
>  eg.
>  #access-list 101 deny ip 192.168.0.0 0.0.255.255 10.0.0.0 0.255.255.255
>  #access-list 101 permit any any
>  
>  Apply this outbound to the 192.168.x.x interface and you should be set.
>  This will allow traffic from the 10 netwk to get to the 192.168 netwk but
>  will deny 192.168 from getting to 10.
>  
>  
>  Vijay Ramcharan, MCSE, CCNA
>  
>  
>  -----Original Message-----
>  From: Asad Jafari [mailto:[EMAIL PROTECTED]]
>  Sent: Wednesday, July 05, 2000 12:27 PM
>  To: [EMAIL PROTECTED]
>  Subject: Access Lists
>  
>  
>  Hello All,
>  
>  I've configured a 2611 for routing in between two different LANs. One is a
>  10.0.0.0 and the other is 192.168.0.0. I have configured access lists for
>  this. I want the 10.0.0.0 network to see the 192.168.0.0 network. I don't
>  want the 192.168.0.0 network to see the 10.0.0.0 network. I have been
>  playing with it but can't get it to work. Either it will block both sides or
>  open both.
>  
>  Any help will be really appreciated.
>  Thanks in advance,
>  
>  Asad Jafari.
>  
>  ___________________________________
>  UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
>  FAQ, list archives, and subscription info: http://www.groupstudy.com
>  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
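The stateless matching discussed in this thread, as an added example that is not part of the original posts: a small Python model of first-match extended-ACL evaluation, comparing a plain deny entry with the same list preceded by a TCP "established" entry. It assumes the list is applied inbound on the interface facing 192.168.0.0 and uses the source/destination order from the quoted suggestion; the host addresses and function names are constructed for the illustration.

```python
# Added illustration: a minimal model of stateless extended-ACL matching.
from ipaddress import ip_address

def wild(addr, base, wildcard):
    """True when addr matches base under a Cisco wildcard (inverse) mask."""
    a, b, w = (int(ip_address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

NET10 = ("10.0.0.0", "0.255.255.255")
NET192 = ("192.168.0.0", "0.0.255.255")
ANY = ("0.0.0.0", "255.255.255.255")

# Each entry: (action, protocol, source, destination, established?)
# Assumed placement: inbound on the router interface facing 192.168.0.0,
# so only packets sent by 192.168 hosts are evaluated.
PLAIN = [("deny", "ip", NET192, NET10, False),
         ("permit", "ip", ANY, ANY, False)]
WITH_ESTABLISHED = [("permit", "tcp", NET192, NET10, True)] + PLAIN

def evaluate(acl, proto, src, dst, flags=frozenset()):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, p, s, d, est in acl:
        if p != "ip" and p != proto:
            continue
        if est and not (flags & {"ACK", "RST"}):
            continue  # 'established' matches only TCP segments with ACK or RST
        if wild(src, *s) and wild(dst, *d):
            return action
    return "deny"

def results(acl):
    a, b = "192.168.1.5", "10.1.1.5"   # constructed sample hosts
    return {
        "tcp_syn_192_to_10": evaluate(acl, "tcp", a, b, frozenset({"SYN"})),
        "tcp_reply_192_to_10": evaluate(acl, "tcp", a, b, frozenset({"SYN", "ACK"})),
        "udp_reply_192_to_10": evaluate(acl, "udp", a, b),
    }

if __name__ == "__main__":
    for name, acl in (("plain", PLAIN), ("established", WITH_ESTABLISHED)):
        print(name, results(acl))
```

In this model the plain list drops every packet from 192.168 to 10, including replies to sessions the 10 network opened; the "established" entry restores TCP replies while still refusing new connections, and UDP replies remain blocked because UDP carries no flags to match on.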