Access Lists in out troubles

gouki2005

I still dont understand the in or out for the access list look the picture

http://www.tic.ac.uk/opnet/StudentWebsite/images/Lab2.h39.jpg

now look the 205.7.5.0 net ok now i going to apply the acl there ok so for me the E1 is the outbound interface because my traffic is getting out of my network and the inbound interface is E0

i am right???

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

ilcram19-2

put it this way in or out is only relative to the interface that the ACL is applied to for xample
when is comming in to the interface the source is the host generating the traffic from the lan of the routers interface ip to a destination outside that interface
example
permit ip host 10.1.1.2 host 9.9.9.9
source destination

Local LAN

>in>10.1.1.1 (router)

when it comming out is going from a remote subnet to the subnet of the routers interface
example
permit ip host 9.9.9.9 host 10.1.1.2
source destination

Local LAN<

out<10.1.1.1

gouki2005

ilcram19-2 wrote: »

put it this way in or out is only relative to the interface that the ACL is applied to for xample
when is comming in to the interface the source is the host generating the traffic from the lan of the routers interface ip to a destination outside that interface
example
permit ip host 10.1.1.2 host 9.9.9.9
source destination

Local LAN
>in>10.1.1.1 (router)

when it comming out is going from a remote subnet to the subnet of the routers interface
example
permit ip host 9.9.9.9 host 10.1.1.2
source destination

Local LAN<
out<10.1.1.1

mmm still dont get it..

ilcram19-2

where are you confuse?

notgoing2fail

Don't think too hard, it's all perspective from how the ACL is created. The way you want the ACL to function is how you apply the direction....

alan2308

Think in terms of the router interface, not the source or destination of the traffic. In your example, traffic originating from the 205.7.5.0 network comes into the router E1 interface. That traffic is inbound on E1, it is coming into the router there. But this applies only to that interface. That same traffic exits on interface E0, so that same traffic is outbound on E0. And it works the same way for traffic going the other way. Traffic with a destination on the 205.7.5.0 network is outbound on E1.

You can have one access list per interface per direction per protocol.

chmorin

Take the perspective of the interface you are applying.

"HEY YOU PACKET! Okay you can come in."
"HEY YOU PACKET! Nope, you're not on the list to come in."
"Oh, you want out? Okay, you can get out."
"Oh, you want out? Sorry, you're not on the list to go out."