new acl ? followup

Discussion in 'Cisco' started by Brian Bergin, Nov 21, 2003.

  1. Brian Bergin

    If this is my current ACL 101 assigned to Serial0/0 (ip access-group 101 in):

    access-list 101 deny ip host a.b.c.2 any log
    access-list 101 deny ip host a.b.c.37 any log
    access-list 101 deny ip host a.b.c.6 any log
    access-list 101 deny ip host a.b.c.12 any log
    access-list 101 deny ip host a.b.c.3 any log
    access-list 101 deny ip host a.b.c.36 any log
    access-list 101 deny ip host a.b.c.26 any log
    access-list 101 permit udp any host a.b.c.2 eq domain log
    access-list 101 permit tcp any host a.b.c.2 eq domain log
    access-list 101 deny ip any host a.b.c.2 log
    access-list 101 permit tcp any host a.b.c.3 eq 3389 log
    access-list 101 permit tcp any host a.b.c.3 eq 443 log
    access-list 101 deny ip any host a.b.c.3 log
    access-list 101 permit tcp any host a.b.c.36 eq 3389 log
    access-list 101 permit tcp any host a.b.c.36 eq www log
    access-list 101 deny ip any host a.b.c.36 log
    access-list 101 permit gre any any
    access-list 101 permit tcp any host a.b.c.37 eq 1723 log
    access-list 101 deny ip any host a.b.c.37 log
    access-list 101 permit tcp any host a.b.c.6 eq www log
    access-list 101 deny ip any host a.b.c.6 log
    access-list 101 permit tcp any host a.b.c.12 eq smtp log
    access-list 101 deny ip any host a.b.c.12 log
    access-list 101 permit icmp any any echo-reply log
    access-list 101 permit icmp any any time-exceeded log
    access-list 101 permit icmp any any port-unreachable log
    access-list 101 permit tcp any host a.b.c.26 eq www log
    access-list 101 permit tcp any host a.b.c.26 eq 443 log
    access-list 101 deny ip any host a.b.c.26 log


    and I want to block the following,


    access-list 101 deny ip 61.0.0.0 0.255.255.255 any log


    they go before the rest of my ACL, right? Like this:

    access-list 101 deny ip host a.b.c.2 any log
    access-list 101 deny ip host a.b.c.37 any log
    access-list 101 deny ip host a.b.c.6 any log
    access-list 101 deny ip host a.b.c.12 any log
    access-list 101 deny ip host a.b.c.3 any log
    access-list 101 deny ip host a.b.c.36 any log
    access-list 101 deny ip host a.b.c.26 any log
    !
    access-list 101 deny ip 61.0.0.0 0.255.255.255 any log
    !
    access-list 101 permit udp any host a.b.c.2 eq domain log
    access-list 101 permit tcp any host a.b.c.2 eq domain log
    access-list 101 deny ip any host a.b.c.2 log
    access-list 101 permit tcp any host a.b.c.3 eq 3389 log
    access-list 101 permit tcp any host a.b.c.3 eq 443 log
    access-list 101 deny ip any host a.b.c.3 log
    access-list 101 permit tcp any host a.b.c.36 eq 3389 log
    access-list 101 permit tcp any host a.b.c.36 eq www log
    access-list 101 deny ip any host a.b.c.36 log
    access-list 101 permit gre any any
    access-list 101 permit tcp any host a.b.c.37 eq 1723 log
    access-list 101 deny ip any host a.b.c.37 log
    access-list 101 permit tcp any host a.b.c.6 eq www log
    access-list 101 deny ip any host a.b.c.6 log
    access-list 101 permit tcp any host a.b.c.12 eq smtp log
    access-list 101 deny ip any host a.b.c.12 log
    access-list 101 permit icmp any any echo-reply log
    access-list 101 permit icmp any any time-exceeded log
    access-list 101 permit icmp any any port-unreachable log
    access-list 101 permit tcp any host a.b.c.26 eq www log
    access-list 101 permit tcp any host a.b.c.26 eq 443 log
    access-list 101 deny ip any host a.b.c.26 log

    Thanks...
    Brian Bergin

    I can be reached via e-mail at
    cisco_dot_news_at_comcept_dot_net.

    Please post replies to the group so all may benefit.
     
    Brian Bergin, Nov 21, 2003
    #1
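
Added example, not part of the original post: a minimal first-match evaluator for the extended-ACL syntax used above, showing why the position of the `deny ip 61.0.0.0 0.255.255.255` entry matters. The `192.0.2` prefix standing in for the redacted `a.b.c`, the trimmed rule set and the test packets are constructed; the parser ignores ICMP types and `log`.

```python
import ipaddress

PREFIX = "192.0.2"  # assumption: constructed stand-in for the redacted a.b.c
PORTS = {"domain": 53, "www": 80, "smtp": 25}  # IOS keywords used in the post

def parse_addr(tok):
    """Consume 'any', 'host X' or 'X WILDCARD'; return (base, wildcard) ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.ip_address(tok.pop(0))), 0
    return int(ipaddress.ip_address(first)), int(ipaddress.ip_address(tok.pop(0)))

def parse_ace(line):
    tok = line.replace("a.b.c", PREFIX).split()[2:]  # drop 'access-list 101'
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = parse_addr(tok), parse_addr(tok)
    port = None
    if tok and tok[0] == "eq":  # destination port; ICMP types and 'log' ignored
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def addr_match(ip, rule):
    base, wild = rule  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.ip_address(ip)) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, dport=None):
    """Top-down first match wins; anything unmatched hits the implicit deny."""
    for line in acl:
        action, p, s, d, port = parse_ace(line)
        if p in ("ip", proto) and addr_match(src, s) and addr_match(dst, d) \
                and port in (None, dport):
            return action, line
    return "deny", "(implicit deny)"

# Constructed subset of the post's ACL 101 (two of the hosts).
SPOOF = ["access-list 101 deny ip host a.b.c.6 any log",
         "access-list 101 deny ip host a.b.c.12 any log"]
SERVICES = ["access-list 101 permit tcp any host a.b.c.6 eq www log",
            "access-list 101 deny ip any host a.b.c.6 log",
            "access-list 101 permit tcp any host a.b.c.12 eq smtp log",
            "access-list 101 deny ip any host a.b.c.12 log"]
BLOCK = ["access-list 101 deny ip 61.0.0.0 0.255.255.255 any log"]
PROPOSED = SPOOF + BLOCK + SERVICES  # ordering shown in the post
APPENDED = SPOOF + SERVICES + BLOCK  # same entry placed after the permits

if __name__ == "__main__":
    for name, acl in (("proposed", PROPOSED), ("appended", APPENDED)):
        print(name, evaluate(acl, "tcp", "61.1.2.3", PREFIX + ".6", 80))
```

With the entry placed after the permits, a packet from 61.1.2.3 to the web server matches the `permit tcp ... eq www` line first and never reaches the deny.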