Define some networks and type up the ACLs and we'll show you how to combine
them (or you'll probably see it as you flesh them out).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Allen May""  wrote in message
news:[EMAIL PROTECTED]...
> How about having a VPN and "other" server access from the internet users?
> You'd need an acl for VPN and one for non-encrypted traffic that doesn't
> need the same permissions that VPN did.  VPN users would be internal and
> have access to ftp, telnet, etc on the same boxes external users should
> only have port 80, etc.
>
> I haven't thought this whole thing through yet so bear with me.  No coffee
> this morning ;)
>
> ----- Original Message -----
> From: "Chuck Larrieu"
> To: "Allen May" ;
> Sent: Wednesday, May 02, 2001 4:03 PM
> Subject: RE: ACL [7:2882]
>
>
> >
> >  Construct three access-lists, each doing what you specify. Then consider
> > what would be gained or lost if you combined them into a single
> > access-list.
> >
> > In the end, the router would have to process each line anyway.
> >
> > It may be that there are architectural reasons for the limitation of the
> > number of lists per protocol. I have heard it said that in major shops,
> > access-lists might contain hundreds of lines. Imagine troubleshooting one
> > of those suckers!
> >
> > Chuck
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> > Allen May
> > Sent: Wednesday, May 02, 2001 1:56 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: ACL [7:2882]
> >
> > 1 reason would be to separate acl's per internal IP address you're
> > permitting/denying access to.  101=specific IP allowing ftp and http,
> > 102=different IP allowing http only, etc.  It would look cleaner
> > anyway....
> >
> > ----- Original Message -----
> > From: "Donald B Johnson jr"
> > To:
> > Sent: Wednesday, May 02, 2001 3:19 PM
> > Subject: Re: ACL [7:2882]
> >
> >
> > > Why
> > > ----- Original Message -----
> > > From: "BASSOLE Rock"
> > > To:
> > > Sent: Wednesday, May 02, 2001 7:24 AM
> > > Subject: ACL [7:2882]
> > >
> > >
> > > > Hi,
> > > >
> > > > Can we apply more than one ACL per interface?
> > > >
> > > >
> > > > Example:
> > > >
> > > > Interface Serial1
> > > > ip access-group 102 in
> > > > ip access-group 103 out
> > > > ip access-group 104 in
> > > > ip access-group 105 out
> > > >
> > > > Thank you.
> > > >
> > > > Rock BASSOLE
> > > > Tél: +33 (0) 1 45 96 22 03
> > > > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2965&t=2882
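
An added example, not part of the original thread: the per-host lists Allen describes (101 for a host allowing ftp and http, 102 for a host allowing http only) merged into a single inbound list, since IOS keeps one IP access list per interface per direction and a later `ip access-group ... in` replaces the earlier one. The addresses (192.0.2.0/24 documentation range) and the list number 110 are assumptions.

```cisco
! Constructed example; addresses are from the 192.0.2.0/24 documentation range.
!
! As posted in the question, only the last list per direction stays applied:
!   interface Serial1
!    ip access-group 102 in
!    ip access-group 103 out
!    ip access-group 104 in    <- replaces 102
!    ip access-group 105 out   <- replaces 103
!
! Allen's per-host lists, written separately (cannot both be applied inbound):
!   101 = 192.0.2.10, ftp and http
!   102 = 192.0.2.20, http only
access-list 101 permit tcp any host 192.0.2.10 eq ftp
access-list 101 permit tcp any host 192.0.2.10 eq www
access-list 102 permit tcp any host 192.0.2.20 eq www
!
! The same policy as one list. Order matters: the first matching line wins,
! so host-specific permits come before the final deny.
access-list 110 remark host 192.0.2.10: ftp control (tcp/21) and http
access-list 110 permit tcp any host 192.0.2.10 eq ftp
access-list 110 permit tcp any host 192.0.2.10 eq www
access-list 110 remark host 192.0.2.20: http only
access-list 110 permit tcp any host 192.0.2.20 eq www
access-list 110 remark explicit form of the implicit deny, with logging
access-list 110 deny ip any any log
!
interface Serial1
 ip access-group 110 in
```

`eq ftp` covers only the FTP control channel; data connections need their own entries. The `remark` lines keep the per-host grouping visible that separate list numbers would otherwise have provided.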