Cisco VPN and Access-list ?

Dear All,

I am using Remote-VPN to connect to my workplace, but I want to limit that user to be able to access only two servers, 172.16.10.45 and 172.16.10.46 (web/80). For that I created an ACL, but it's not working; I can access all services on these systems. My WAN interface is fa0, and when I connect to the workplace the pool assigns me IP address 192.168.81.10. The ACL is implemented on fa0 in, whereas the servers are on fa1.1 (VLAN 1).

ip access-list extended webout
 permit tcp any 192.168.81.0 0.0.0.255 established
 permit tcp 192.168.81.0 0.0.0.255 host 172.16.10.45 eq www
 permit tcp 192.168.81.0 0.0.0.255 host 172.16.10.45 eq 8080
 permit tcp 192.168.81.0 0.0.0.255 host 172.16.10.46 eq www
 permit tcp 192.168.81.0 0.0.0.255 host 172.16.10.46 range 8080 8099
 permit tcp 192.168.81.0 0.0.0.255 host 172.16.10.46 range 3380 3390
 deny ip any any

Where is the problem?

Ammad Shah

Hi,

The established keyword doesn't tear down existing connections, however, so did you reconnect AFTER you applied the list to see if it worked or not?

Also, maybe it's applied in the wrong direction, or to the wrong interface...

One other thing that I am a bit uncomfortable with is the range keyword used for ports.

I haven't used ACLs in a while, and Cisco's site only shows the time-range command.

P.S
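An added Python evaluator (not from either poster) that walks the posted ACL in order and reports which entry a given packet hits, so the intended "web only" policy can be checked offline before it is applied. The test flows are constructed, the `ack` flag stands in for the TCP ACK/RST bit that `established` checks, and `www` is the only IOS port name the list uses; it shows that the `range 3380 3390` entry admits more than web traffic to .46 and that the `established` entry matches only return traffic to the VPN pool.

```python
import ipaddress

# Entries copied from the post, one per line ("ip access-list extended webout" header omitted).
ACL_TEXT = """
permit tcp any 192.168.81.0 0.0.0.255 established
permit tcp 192.168.81.0 0.0.0.255 host 172.16.10.45 eq www
permit tcp 192.168.81.0 0.0.0.255 host 172.16.10.45 eq 8080
permit tcp 192.168.81.0 0.0.0.255 host 172.16.10.46 eq www
permit tcp 192.168.81.0 0.0.0.255 host 172.16.10.46 range 8080 8099
permit tcp 192.168.81.0 0.0.0.255 host 172.16.10.46 range 3380 3390
deny ip any any
"""

def _addr(tokens):
    """Consume one address spec (any | host A | NET WILDCARD); return (matcher, rest)."""
    if tokens[0] == "any":
        return (lambda ip: True), tokens[1:]
    if tokens[0] == "host":
        return (lambda ip, h=tokens[1]: ip == h), tokens[2:]
    # Cisco wildcard mask: 0 bits must match, 1 bits are don't-care
    n, w = (int(ipaddress.IPv4Address(x)) for x in tokens[:2])
    return (lambda ip: int(ipaddress.IPv4Address(ip)) & ~w == n & ~w), tokens[2:]

def _ports(tokens):
    """Consume an optional port spec (eq P | range LO HI); return ((lo, hi) or None, rest)."""
    if tokens and tokens[0] == "eq":
        p = {"www": 80}.get(tokens[1]) or int(tokens[1])  # only port name the list uses
        return (p, p), tokens[2:]
    if tokens and tokens[0] == "range":
        return (int(tokens[1]), int(tokens[2])), tokens[3:]
    return None, tokens

def parse_acl(text):
    """Parse extended-ACL entries in order into (line, action, proto, src, sport, dst, dport, established)."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split(); action, proto = t[0], t[1]
        src, t = _addr(t[2:]); sport, t = _ports(t)
        dst, t = _addr(t); dport, t = _ports(t)
        entries.append((line, action, proto, src, sport, dst, dport, "established" in t))
    return entries

def evaluate(entries, proto, src, sport, dst, dport, ack=False):
    """First-match lookup for one packet; 'established' entries match only if ACK or RST is set."""
    for line, action, p, sm, sp, dm, dp, est in entries:
        if p not in ("ip", proto) or not (sm(src) and dm(dst)) or (est and not ack):
            continue
        if (sp and not sp[0] <= sport <= sp[1]) or (dp and not dp[0] <= dport <= dp[1]):
            continue
        return action, line
    return "deny", "implicit deny"  # every IOS ACL ends with an implicit deny
```

Running `evaluate(parse_acl(ACL_TEXT), "tcp", "192.168.81.10", 40000, "172.16.10.46", 3389)` returns a permit from the 3380-3390 range entry, which is the kind of over-broad match worth catching before the list goes on an interface.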

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.