Is 165.5.x.x the range of your internal network or the range of addresses that your dial in users are assigned to? This list says that any packet whose source address is 165.5.x.x can be destined for anywhere. If you want to restrict which subnets they can get to make some more lines specifying your internal subnets. Not to insult, but dont' forget to apply it to an interface.
>From: "J. Johnson" >Reply-To: "J. Johnson" >To: [EMAIL PROTECTED] >Subject: Access Lists [7:28927] >Date: Wed, 12 Dec 2001 14:24:16 -0500 > >We have a Cisco 5300 Dial-up. We want to allow everyone to get to our >network when they dial in. We do not want everyone to get on the internet >when they dial-in. This is what my access list look like > >access-list 110 permit ip 165.5.0.0 0.0.255.255 any > access-list 110 deny ip any any > >Everyone can get to our network and get on the internet with the above >list. >Can you see anything wrong? > >Thanks. > >Jill _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28940&t=28927 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]