Okay gang, this one's work-related so don't feel obligated to help. ;-)  I
think it's an interesting thought problem though:

The Problem I'm Trying To Solve: allow access to a particular website
(2.2.2.2) from users on a particular subnet.  Do NOT allow them to access
any *other* website.  Allow them to access other resources within your
internal network (172.0.0.0).

Here's the ACL I came up with:

access-list 101 permit ip any host 167.216.138.4
access-list 101 deny tcp any eq www any
access-list 101 permit ip any 172.0.0.0 0.255.255.255
access-list 101 permit ip any any

This list was created on an MSFC card running in a 6509 chassis, and has
been applied to interface Vlan1 inbound (I tried outbound as well just for
kicks).  The (unintended) result is that users can access both the target
website, as well as other websites on the Internet.  Any ideas?



Bradley J. Wilson
CCNP CCDP MCSE NNCSS CNX MCT CTT
EDS/Boston Scientific Account
(508) 650-8739
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17695&t=17695
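An added example, not part of the original post: a small first-match evaluator run over the four posted entries, showing which entry a browser's packet actually hits when the list is applied inbound. In IOS extended ACL syntax the `eq www` in entry 2 follows the source field, so it tests the source port. The `VARIANT` list, the helper names, and the sample addresses 198.51.100.10 and 172.16.5.5 are assumptions constructed for illustration.

```python
import ipaddress

WWW = 80  # IOS keyword "www" is TCP port 80

def rule(action, proto, src_port=None, dst=None, dst_port=None):
    # Source address is "any" in every posted entry, so it is not modelled.
    net = ipaddress.ip_network(dst) if dst else None  # None means "any"
    return dict(action=action, proto=proto, src_port=src_port,
                dst=net, dst_port=dst_port)

# The four entries exactly as posted (wildcard 0.255.255.255 == /8).
POSTED = [
    rule("permit", "ip", dst="167.216.138.4/32"),
    rule("deny", "tcp", src_port=WWW),   # "any eq www any": SOURCE port 80
    rule("permit", "ip", dst="172.0.0.0/8"),
    rule("permit", "ip"),
]

# Assumed variant: entry 2 rewritten as "deny tcp any any eq www",
# which tests the DESTINATION port instead.
VARIANT = [POSTED[0], rule("deny", "tcp", dst_port=WWW), POSTED[2], POSTED[3]]

def evaluate(acl, pkt):
    """Top-down, first match wins. Returns (action, 1-based entry number)."""
    for n, r in enumerate(acl, 1):
        if r["proto"] != "ip" and r["proto"] != pkt["proto"]:
            continue
        if r["src_port"] is not None and r["src_port"] != pkt["src_port"]:
            continue
        if r["dst"] is not None and ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
            continue
        if r["dst_port"] is not None and r["dst_port"] != pkt["dst_port"]:
            continue
        return r["action"], n
    return "deny", 0  # implicit deny that ends every IOS access list

def http_to(dst):
    # Constructed client packet: ephemeral source port, destination port 80.
    return dict(proto="tcp", src_port=49152, dst=dst, dst_port=WWW)

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("variant", VARIANT)):
        for dst in ("167.216.138.4", "198.51.100.10", "172.16.5.5"):
            print(name, dst, evaluate(acl, http_to(dst)))
```

With the variant, HTTP to an internal 172.x server is also denied, because the port-80 deny sits above the 172.0.0.0 permit; entry order decides whether internal web servers stay reachable.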