correction.  it should read in para #2 "... i apply an acl on the 
inbound e0 to block tcp traffic destined for the 172.20 internal 
network from the 10.2.100 one unless it is established by the 172.20 
network."  i'm fading fast...

sorry for the confusion.
----- Original Message -----
From: garrett allen 
Date: Sunday, April 6, 2003 0:01 am
Subject: acl question

> it's midnite, i'm bored, outta beer and my head is starting to hurt 
> from too many random thoughts about what should be a simple acl.  i've 
> sufficiently banged my head against the wall so now i solicit help from 
> the wise.  we are not worthy ...we are not worthy ....
> 
> i've got a little 2514 bridging 2 internal networks.  e0 is 172.20.0.2 
> and e1 is 10.2.100.2.  i apply an acl on the inbound e0 to block tcp 
> traffic that is initiated by the 172.20 internal network to the 
> 10.2.100 one.  that seems to work ok.  i can do what i need to do from 
> the 172.20 net on devices in the 10.2.100 one.  the problem is that i 
> also want to use the e0 interface as the default gateway for the 172.20 
> network (basically issuing redirects to hosts to go out the firewall).  
> that's where i run into problems.  no redirects occur :-(
> 
> the acl i created is simple (and obviously not working):
> access-list 101 permit tcp 172.20.0.0 0.0.255.255 10.2.100.0 0.0.0.255 established
> 
> interface Ethernet0
> ip address 172.20.0.2 255.255.0.0
> ip access-group 101 in
> 
> what did i miss?  the fallback plan is to change the dhcp parms to use 
> the firewall as the default gateway.  i was trying to shift load from 
> the firewall and use the router for, well, routing.
> 
> thoughts?  beer?  help?
> 
> thanks.
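Added example, not part of the post above: a small Python evaluator for Cisco-style extended ACL entries (wildcard masks, the established keyword, first-match semantics and the implicit deny at the end of every list), run against the posted access-list 101 as it would apply to packets arriving inbound on e0. The host addresses 172.20.1.10, 10.2.100.5 and 198.51.100.7 are constructed sample values, not from the post.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str           # source IPv4 address
    dst: str           # destination IPv4 address
    proto: str         # "tcp", "icmp", ...
    ack: bool = False  # TCP ACK/RST bit set, i.e. not the opening SYN

def _ip(s):
    return int(ipaddress.IPv4Address(s))
def _addr_spec(t, i):  # one address spec at t[i]: 'any' or 'ADDRESS WILDCARD'
    if t[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    return _ip(t[i]), _ip(t[i + 1]), i + 2

def parse_ace(line):
    """'access-list N permit|deny PROTO SRC DST [established]' -> dict."""
    t = line.split()
    src, src_wc, i = _addr_spec(t, 4)
    dst, dst_wc, i = _addr_spec(t, i)
    return {"action": t[2], "proto": t[3], "src": src, "src_wc": src_wc,
            "dst": dst, "dst_wc": dst_wc, "established": "established" in t[i:]}

def _matches(addr, base, wildcard):
    # Wildcard bit 1 = don't care, 0 = must match (the inverse of a netmask).
    return (_ip(addr) | wildcard) == (base | wildcard)
def evaluate(acl, pkt):
    """Verdict of the first matching entry; anything unmatched hits the
    implicit 'deny ip any any' that ends every Cisco ACL."""
    for a in acl:
        proto_ok = a["proto"] in ("ip", pkt.proto)
        addr_ok = _matches(pkt.src, a["src"], a["src_wc"]) and _matches(pkt.dst, a["dst"], a["dst_wc"])
        est_ok = not a["established"] or (pkt.proto == "tcp" and pkt.ack)  # needs ACK/RST
        if proto_ok and addr_ok and est_ok:
            return a["action"]
    return "deny"
# The ACL from the post, applied inbound on e0 (the 172.20.0.0/16 side).
ACL_101 = [parse_ace("access-list 101 permit tcp 172.20.0.0 0.0.255.255 10.2.100.0 0.0.0.255 established")]
# Constructed packets arriving inbound on e0; 198.51.100.7 stands in for an outside host.
SAMPLES = {
    "tcp ACK 172.20 -> 10.2.100": Packet("172.20.1.10", "10.2.100.5", "tcp", ack=True),
    "tcp SYN 172.20 -> 10.2.100": Packet("172.20.1.10", "10.2.100.5", "tcp"),
    "icmp 172.20 -> 10.2.100": Packet("172.20.1.10", "10.2.100.5", "icmp"),
    "tcp SYN 172.20 -> outside via e0 as default gateway": Packet("172.20.1.10", "198.51.100.7", "tcp"),
}

def results(acl=ACL_101):  # verdict per sample packet
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLES.items()}
```

Only a TCP segment with ACK/RST set and a 10.2.100.0/24 destination gets past the single line; every other packet arriving on e0, including a host's first packet toward an outside address with the router as its default gateway, falls through to the implicit deny.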

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66952&t=66952
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]