CCNA Video Training Series

Instant Access, Web or Mobile!

Only $99 for 30 days...
Renew at half price!

Buy/Renew

Includes FREE Practice Exams!

Member Login

Lost your password?

Not a member yet? Sign Up!

Official Lammle User Forum

Prev Previous Post   Next Post Next
  #5  
Old 03-15-2012, 09:49 PM
gabrielshorn gabrielshorn is offline
Senior Member
 
Join Date: Jul 2008
Posts: 211
Default

I'm not sure what you're saying, CableGuy. If you want to just allow Finance to ping Sales, It change the outbound access-list on fa0/1 to an extended that looks something like this:

access-list 100 permit icmp 192.168.40.0 0.0.0.255 any echo-reply
access-list 100 deny ip 192.168.40.0 0.0.0.255 any

If the goal is for Finance to have complete access to Sales without Sales having any access to Finance, then I'd put the following INBOUND on the Sales fa0/0 interface:

access-list 100 permit tcp any any established
access-list 100 permit icmp any 192.168.50.0 0.0.0.255 echo-reply
access-list 100 deny ip any 192.168.50.0 0.0.0.255
access-list 100 permit ip any any

This isn't perfect, as Finance wouldn't be able to connect to UDP-based services in Sales.
Reply With Quote
 

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 09:31 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
css.php