All,

For some reason I am having problems with a seemingly simple access-list and
any help is extremely appreciated. When I applied the list, it blocked www
access (intranet www worked fine) to all except the BDC and the Exchange
server. I assume I made a mistake with the wildcard mask.

My stub of the intranet is 10.105.190.0
BDC is 10.105.190.10
Exchange server is 10.105.190.246
IPs authorized unrestricted access 10.105.190.8 thru 10.105.190.24
LAN is on e0, WAN on s0

Here are my guidelines in plain English
permit all to local intranet
permit our BDC to all
permit Exchange server to all
permit specific block of IPs to all (10.105.190.8 thru 10.105.190.24)
deny all others to www
permit ip all (for proprietary stuff some of our offices use and I don't
currently have the time to see what ports they need)

Here is the list I came up with:

access-list 101 permit tcp any 10.0.0.0 0.255.255.255 eq www
access-list 101 permit ip host 10.105.190.10 any
access-list 101 permit ip host 10.105.190.246 any
access-list 101 permit ip 10.105.190.8 0.0.0.16 any
access-list 101 deny tcp 10.105.190.0 0.0.0.255 any eq www
access-list 101 permit ip any any

apply to interface e0:

en, config t, int e0
ip access-group 101 out
ctrl-z

Thanks again,

Tim
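
Added example (not part of the original post): a short Python check of which addresses a Cisco "base wildcard" pair matches, run on the pair from the list above, together with the aligned pairs that cover the stated range 10.105.190.8 thru 10.105.190.24. The function names are made up for this example; the addresses come from the post.

```python
import ipaddress

def wildcard_matches(base, wildcard, max_bits=16):
    """List every address a Cisco 'base wildcard' pair matches.

    A 1 bit in the wildcard means "don't care"; the mask need not be contiguous.
    """
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    free = [1 << i for i in range(32) if (w >> i) & 1]
    if len(free) > max_bits:
        raise ValueError("wildcard too wide to enumerate")
    fixed = b & ~w & 0xFFFFFFFF          # bits that must match exactly
    hits = []
    for n in range(1 << len(free)):      # every combination of don't-care bits
        addr = fixed
        for j, bit in enumerate(free):
            if (n >> j) & 1:
                addr |= bit
        hits.append(addr)
    return [str(ipaddress.IPv4Address(a)) for a in sorted(hits)]

def range_to_wildcards(first, last):
    """Cover an inclusive address range with aligned (base, wildcard) pairs."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

if __name__ == "__main__":
    # Pair and range taken from the post above.
    print(wildcard_matches("10.105.190.8", "0.0.0.16"))
    for base, wc in range_to_wildcards("10.105.190.8", "10.105.190.24"):
        print(f"access-list 101 permit ip {base} {wc} any")
```

The pair 10.105.190.8 0.0.0.16 leaves only bit 4 of the last octet free, so it matches two hosts (.8 and .24); the range .8 thru .24 is not aligned on a power-of-two boundary and needs three entries.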
