Setting up ACL for network. restrict access

migz1234 Registered Users Posts: 4
Hi. So I'm trying to set up a network. I have a router (R2) connected to an outside network server and to another router R3. On this router I want to set up an access list which will allow anything in my inside network 192.168.x.x to ping to the outside network 209.x.x.x and allow the internet/outside web server to ping in to 1 address only on my router, which is a loopback address. I'm not sure how to go by this. I'm thinking put the ACL on the interface connected to outside networks in the OUT direction.

Can I do this with just 1 access list on one interface?

Thoughts? Thanks.


  • OctalDump Member Posts: 1,722
    Read this.

    So, think about the components of an access list:
    (message type)

    So, yeah, you can apply a rule for the source of and a destination of matching ICMP. You can have another rule to match the incoming (or is it any internet host or a specific internet host?) with destination of

    Now the other question is "Can I do this with just one ACL on one interface?" and the answer to that is pretty much given in the "list" part of Access Control List. The only question is whether both traffic flows have to pass through the same interface at some point. Is that the best way? Well, it depends.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • d4nz1g Member Posts: 464
    Well, since you mentioned internet access, I would recommend using ZBFW.

    Regular ACLs are stateless, and return traffic from the internet is likely to be blocked by an input ACL on the router's external interface.

    You would need a dynamic ACL or Stateful Inspection (ZBFW does that for you).
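As an added illustration of the stateless case d4nz1g describes (not configuration posted by anyone in the thread), here is one way the original question could be written as two extended ACLs on the outside interface, assuming inside is 192.168.0.0/16, outside is 209.0.0.0/8, the pingable loopback is 10.255.255.1 and the outside web server is 209.0.0.10 (both placeholders), and the outside interface is GigabitEthernet0/1:

```cisco
! Added example, not from the thread. Assumed addresses: inside 192.168.0.0/16,
! outside 209.0.0.0/8, loopback 10.255.255.1 (placeholder), web server
! 209.0.0.10 (placeholder), outside interface GigabitEthernet0/1.
!
! OUT direction on the outside interface: what the router sends toward 209.x.x.x
ip access-list extended OUTSIDE_OUT
 remark inside hosts may ping the outside network
 permit icmp 192.168.0.0 0.0.255.255 209.0.0.0 0.255.255.255 echo
 remark the loopback answers pings from the web server
 permit icmp host 10.255.255.1 host 209.0.0.10 echo-reply
 deny ip any any log
!
! IN direction: an ACL is stateless, so the echo-replies to the inside
! hosts' pings must be permitted explicitly or those pings time out.
ip access-list extended OUTSIDE_IN
 remark the web server may ping the loopback only
 permit icmp host 209.0.0.10 host 10.255.255.1 echo
 remark return traffic for the inside hosts' pings
 permit icmp 209.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255 echo-reply
 deny ip any any log
!
interface GigabitEthernet0/1
 ip access-group OUTSIDE_OUT out
 ip access-group OUTSIDE_IN in
```

With only the OUT list applied, as the original post proposed, nothing stops inbound ICMP to anything other than the loopback, which is why the IN list carries the web-server restriction; the logged deny entries on both lists are where unexpected pings show up in the router log.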