How about having a VPN and "other" server access from the internet users?
You'd need an ACL for VPN and one for non-encrypted traffic that doesn't
need the same permissions that VPN did.  VPN users would be internal and
have access to ftp, telnet, etc. on the same boxes where external users
should only have port 80, etc.

I haven't thought this whole thing through yet so bear with me.  No coffee
this morning ;)

----- Original Message -----
From: "Chuck Larrieu" 
To: "Allen May"
Sent: Wednesday, May 02, 2001 4:03 PM
Subject: RE: ACL [7:2882]


>
> Construct three access-lists, each doing what you specify. Then consider
> what would be gained or lost if you combined them into a single
> access-list.
>
> In the end, the router would have to process each line anyway.
>
> It may be that there are architectural reasons for the limitation of the
> number of lists per protocol. I have heard it said that in major shops,
> access-lists might contain hundreds of lines. Imagine troubleshooting one
> of those suckers!
>
> Chuck
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Allen May
> Sent: Wednesday, May 02, 2001 1:56 PM
> To: [EMAIL PROTECTED]
> Subject: Re: ACL [7:2882]
>
> 1 reason would be to separate acl's per internal IP address you're
> permitting/denying access to.  101=specific IP allowing ftp and http,
> 102=different IP allowing http only, etc.  It would look cleaner
> anyway....
>
> ----- Original Message -----
> From: "Donald B Johnson jr"
> To:
> Sent: Wednesday, May 02, 2001 3:19 PM
> Subject: Re: ACL [7:2882]
>
>
> > Why
> > ----- Original Message -----
> > From: "BASSOLE Rock"
> > To:
> > Sent: Wednesday, May 02, 2001 7:24 AM
> > Subject: ACL [7:2882]
> >
> >
> > > Hi,
> > >
> > > Can we apply more than one ACL per interface?..
> > >
> > >
> > > Example:
> > >
> > > Interface Serial1
> > > ip access-group 102 in
> > > ip access-group 103 out
> > > ip access-group 104 in
> > > ip access-group 105 out
> > >
> > > Thank you.
> > >
> > > Rock BASSOLE
> > > Tél: +33 (0) 1 45 96 22 03
> > > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2960&t=2882
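
The single combined list suggested in the thread, applied to the VPN/external split raised in the top reply, as an added example that is not part of the original messages. The addresses (192.0.2.10, 10.99.0.0/24) and the contents of list 102 are assumptions, and it assumes VPN users' packets carry a source address from that pool when the list is evaluated.

```cisco
! Constructed example: the server address, the VPN pool and every entry in
! list 102 are assumptions, not values from the thread.
!
! IOS keeps one IP access list per interface per direction. Entering the
! four lines from the question leaves only the last "in" and the last "out"
! in effect:
!   interface Serial1
!    ip access-group 104 in
!    ip access-group 105 out
!
! One inbound list covering both populations. Entries are matched top-down
! and the first match wins, so the narrower VPN permits go first.
no access-list 102
access-list 102 remark -- VPN users (assumed pool 10.99.0.0/24): ftp, telnet, http
! "eq ftp" is the control channel only; the data channel depends on
! active/passive mode and is left out of this example.
access-list 102 permit tcp 10.99.0.0 0.0.0.255 host 192.0.2.10 eq ftp
access-list 102 permit tcp 10.99.0.0 0.0.0.255 host 192.0.2.10 eq telnet
access-list 102 permit tcp 10.99.0.0 0.0.0.255 host 192.0.2.10 eq www
access-list 102 remark -- Everyone else: http to the web server only
access-list 102 permit tcp any host 192.0.2.10 eq www
access-list 102 remark -- Explicit final deny so dropped packets are logged
access-list 102 deny ip any any log
!
interface Serial1
 ip access-group 102 in
```

`show access-lists 102` prints a match counter per entry, which shows which section of the combined list a given flow is hitting.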