On a 2600 Router. I have multiple subnets on a single interface and want to keep the 192.168.10.0 subnet from talking to the others. But I need it to be able to access the internet. This is what I have come up with. Can you guys shoot holes in it and tell me if it is correct or what I am doing wrong. Thanks!
interface Ethernet0/0 ip access-group 101 in ip access-group 102 out
interface Ethernet0/0 (inside) In access-list 101 permit 192.168.1.0 0.0.0.255 access-list 101 permit 192.168.2.0 0.0.0.255 access-list 101 permit 10.0.0.0 0.0.0.255 access-list 101 permit 192.168.10.0 0.0.0.255
Out access-list 102 deny 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 102 deny 192.168.10.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 102 deny 192.168.10.0 0.0.0.255 10.0.0.0 0.0.0.255