Cisco VPN and Access-list ?

Dear All,

I am using Remote-vpn to connect work place. but i want to limit that user to be able to access only two server and (web/80) . for that i created acl but its not working, i can access all services on these system. My wan interface is fa0 , and when i connect to work place , pool assigns me ip address ACL implemnented on FA0 in. where as servers are on fa1.1 (vlan 1).

ip access-list extended webout permit tcp any established permit tcp host eq www permit tcp host eq 8080 permit tcp host eq www permit tcp host range 8080 8099 permit tcp host range 3380 3390 deny ip any any

where is the problem ?

Reply to
Ammad Shah
Loading thread data ...


the established keyword, doesnt' tear down existing connections however, so did you reconnect AFTER you applied the list to see if it worked or not ?

also maybe its applied in the wrong direction, or to the wrong interface...

one other thing that I am a bit uncomfortable with is the range keyword used for ports.

I haven't used the ACLs in a while, and CISCO's site, only shows the time-range command,

formatting link

Ammad Shah wrote:

Reply to
P.S Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.