Cisco VPN and Access-list ?

Dear All,

I am using Remote-VPN to connect to my workplace, but I want to limit that
user to be able to access only two servers and (web/80). For that I created
an ACL, but it's not working; I can access all services on these systems.
My WAN interface is fa0, and when I connect to the workplace, the pool
assigns me an IP address. The ACL is implemented on fa0 in, whereas the
servers are on fa1.1 (VLAN 1).

ip access-list extended webout
 permit tcp any established
 permit tcp host eq www
 permit tcp host eq 8080
 permit tcp host eq www
 permit tcp host range 8080 8099
 permit tcp host range 3380 3390
 deny ip any any

where is the problem ?

Re: Cisco VPN and Access-list ?

The established keyword doesn't tear down existing connections, however,
so did you reconnect AFTER you applied the list to see if it worked or not?

Also, maybe it's applied in the wrong direction, or to the wrong interface...

One other thing that I am a bit uncomfortable with is the range keyword
used for ports.

I haven't used the ACLs in a while, and CISCO's site only shows the
time-range command.

Ammad Shah wrote:

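For reference, here is what the filter the original poster describes looks like when written out in complete IOS extended-ACL syntax, with the interface binding and the show commands used to confirm it is in the path. This is an added example, not the poster's configuration: the router's WAN address (203.0.113.1), the VPN pool (10.10.10.0/24) and the two server addresses (192.0.2.10, 192.0.2.20) are assumed placeholder values, and the port numbers are the ones from the thread.

```cisco
! Added example (not the poster's config). Assumed values:
!   WAN address of the router on fa0: 203.0.113.1
!   VPN client address pool:           10.10.10.0/24
!   The two servers on fa1.1 (VLAN 1): 192.0.2.10 and 192.0.2.20
ip access-list extended webout
 ! An inbound ACL on fa0 that ends in "deny ip any any" also sees the
 ! tunnel packets themselves, so ISAKMP, NAT-T and ESP to the router's
 ! own WAN address have to be permitted or the VPN never comes up.
 permit udp any host 203.0.113.1 eq isakmp
 permit udp any host 203.0.113.1 eq non500-isakmp
 permit esp any host 203.0.113.1
 ! Return traffic for sessions started from inside. "established" needs
 ! both a source and a destination ("any any"), not a single "any".
 permit tcp any any established
 ! What VPN users may reach: only these two hosts, only these ports.
 permit tcp 10.10.10.0 0.0.0.255 host 192.0.2.10 eq www
 permit tcp 10.10.10.0 0.0.0.255 host 192.0.2.10 range 8080 8099
 permit tcp 10.10.10.0 0.0.0.255 host 192.0.2.20 eq www
 permit tcp 10.10.10.0 0.0.0.255 host 192.0.2.20 range 3380 3390
 ! Explicit final deny with logging so blocked attempts appear in syslog.
 deny ip any any log
!
interface FastEthernet0
 ip access-group webout in
!
! Verification after reconnecting the VPN client:
!   show ip interface FastEthernet0   -> "Inbound  access list is webout"
!   show access-lists webout          -> per-line "(N matches)" counters
```

The `range` keyword is valid in IOS extended ACLs for a span of TCP or UDP ports, so the lines with `range 8080 8099` and `range 3380 3390` are fine as written. Whether decrypted remote-access traffic is evaluated against the fa0 inbound list at all depends on the IOS release and crypto configuration, so the match counters from `show access-lists webout` are the quickest check that the permit lines are actually being hit after a fresh connection; if they stay at zero while the servers remain reachable, the filter has to be placed where the cleartext packets are seen, for example outbound on fa1.1 toward the servers.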