Does this have anything to do with that "Chambers" thread? ;-)


----- Original Message -----
From: "Brian Whalen" 
To: 
Sent: Wednesday, August 29, 2001 4:48 PM
Subject: Re: Work-related ACL problem [7:17695]


> ah yes the old in or out debate...
>
> Brian "Sonic" Whalen
> Success = Preparation + Opportunity
>
>
> On Wed, 29 Aug 2001, John Neiberger wrote:
>
> > The problem is in your second line.  You are denying traffic *sourced*
> > from port 80 (www), not traffic destined for port 80.  Change the line
> > to:
> >
> > access-list 101 deny tcp any any eq www
> >
> > I would even consider adding "eq www" to the first line since you only
> > want to allow web traffic to that host, right?
> >
> > HTH,
> > John
> >
> > >>> "Wilson, Bradley"  8/29/01 10:03:33 AM >>>
> > Okay gang, this one's work-related so don't feel obligated to help. ;-)
> > I think it's an interesting thought problem though:
> >
> > The Problem I'm Trying To Solve: allow access to a particular website
> > (2.2.2.2) from users on a particular subnet.  Do NOT allow them to
> > access any *other* website.  Allow them to access other resources
> > within your internal network (172.0.0.0).
> >
> > Here's the ACL I came up with:
> >
> > access-list 101 permit ip any host 167.216.138.4
> > access-list 101 deny tcp any eq www any
> > access-list 101 permit ip any 172.0.0.0 0.255.255.255
> > access-list 101 permit ip any any
> >
> > This list was created on an MSFC card running in a 6509 chassis, and
> > has been applied to interface Vlan1 inbound (I tried outbound as well
> > just for kicks).  The (unintended) result is that users can access both
> > the target website, as well as other websites on the Internet.  Any
> > ideas?
> >
> >
> >
> > Bradley J. Wilson
> > CCNP CCDP MCSE NNCSS CNX MCT CTT
> > EDS/Boston Scientific Account
> > (508) 650-8739
> > [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17760&t=17695
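
The source-port versus destination-port point from the thread, as an added example that is not part of the original messages: a small first-match evaluator for the extended ACL lines quoted above, run against the posted list and the list with John's corrected second line. The client address 10.1.1.10, the "other website" 198.51.100.7 and the ephemeral port 40000 are constructed sample values, and the parser only understands the syntax that appears in the thread (`any`, `host A`, `A WILDCARD`, `eq PORT`).

```python
import ipaddress
PORTS = {"www": 80}  # IOS keyword for TCP port 80

def _ip(text):
    return int(ipaddress.ip_address(text))

def _addr(tok):
    # Consume one address spec: 'any', 'host A' or 'A WILDCARD'.
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def _port(tok):
    # Consume an optional 'eq PORT' qualifier following an address spec.
    if tok and tok[0] == "eq":
        return PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok

def parse(line):
    _, _, action, proto, *tok = line.split()  # skip 'access-list 101'
    src, tok = _addr(tok)
    sport, tok = _port(tok)   # a port written here filters the SOURCE port
    dst, tok = _addr(tok)
    dport, tok = _port(tok)   # a port written here filters the DESTINATION port
    return action, proto, src, sport, dst, dport

def _match(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (_ip(ip) | wild) == (base | wild)

def evaluate(acl, proto, src, sport, dst, dport):
    # First matching entry wins; every ACL ends with an implicit deny.
    for action, p, s, sp, d, dp in map(parse, acl):
        if (p in ("ip", proto) and _match(s, src) and _match(d, dst)
                and sp in (None, sport) and dp in (None, dport)):
            return action
    return "deny"

ORIGINAL = ["access-list 101 permit ip any host 167.216.138.4",
            "access-list 101 deny tcp any eq www any",
            "access-list 101 permit ip any 172.0.0.0 0.255.255.255",
            "access-list 101 permit ip any any"]
FIXED = [ORIGINAL[0], "access-list 101 deny tcp any any eq www"] + ORIGINAL[2:]

if __name__ == "__main__":
    web = ("tcp", "10.1.1.10", 40000, "198.51.100.7", 80)  # constructed packet
    print(evaluate(ORIGINAL, *web), evaluate(FIXED, *web))
```

Because evaluation stops at the first match, the corrected deny line also catches port 80 traffic to 172.x addresses before the third line can permit it, so internal web servers would need their permit placed above it.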