From: Reinhold Fischer (Reinhold.Fischer@xxxxxxx)
Date: Sat Sep 15 2001 - 04:34:28 GMT-3
What I have seen in the field is that the networks (without the ports) were
specified as an ACL applied to the incoming traffic on one router interface,
and the port numbers (without the networks) were specified as an ACL applied
to the outgoing traffic on a different router interface. That kept the ACLs
short and gave two stages at which to apply ACLs. But this has only been done this way
because there was no way to redesign the whole setup ...
hth
Reinhold
On Fri, 14 Sep 2001, Bobby Mann wrote:
> Need some help with access-lists. I have to design an access-list that has
> almost 25 different subnets and a couple of specific destinations. I have
> approximately 15 different ports these subnets need access to.
>
> In other words, with the current implementation, the access-list I created is
> approx. 375 lines long. With a nested access-list of some sort I could
> squeeze it down to 40 -> 50 lines. Is this possible???
>
> Maybe I can use something else that I haven't thought of yet.
>
>
> Thanks in advance!
**Please read:http://www.groupstudy.com/list/posting.html
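To illustrate the split described above, here is an added Python example (not code from either poster) that generates both layouts in Cisco IOS extended-ACL syntax and counts the entries: the flat list grows as subnets x destinations x ports, the two-stage layout as subnets + destinations x ports. The sample /24 subnets, the 192.0.2.10 destination host, the port list and the ACL names are constructed placeholders.

```python
"""Flat (subnet x port) ACL versus the two-stage split: one ACL keyed on
source networks inbound on one interface, one keyed on destination ports
outbound on another. All addresses, ports and names below are constructed."""
import ipaddress

SUBNETS = [f"10.1.{i}.0/24" for i in range(25)]   # 25 source subnets (constructed)
DESTINATIONS = ["192.0.2.10"]                      # TEST-NET-1 placeholder host
PORTS = [22, 25, 53, 80, 110, 143, 389, 443, 445, 465, 587, 636, 993, 995, 3389]


def wildcard(net: str) -> str:
    """Return 'network wildcard' as IOS expects it (wildcard = inverted mask)."""
    n = ipaddress.ip_network(net, strict=True)
    return f"{n.network_address} {n.hostmask}"


def flat_acl(name, subnets, dests, ports):
    """Single extended ACL with one entry per (subnet, destination, port)."""
    lines = [f"ip access-list extended {name}"]
    for s in subnets:
        for d in dests:
            for p in ports:
                lines.append(f" permit tcp {wildcard(s)} host {d} eq {p}")
    lines.append(" deny ip any any")   # make the implicit deny explicit for logging
    return lines


def two_stage_acls(subnets, dests, ports):
    """Stage 1: who may enter (inbound, by network). Stage 2: what they may
    reach (outbound on the egress interface, by destination and port)."""
    stage1 = ["ip access-list extended FROM-SUBNETS"]
    stage1 += [f" permit ip {wildcard(s)} any" for s in subnets]
    stage1.append(" deny ip any any")
    stage2 = ["ip access-list extended TO-SERVICES"]
    stage2 += [f" permit tcp any host {d} eq {p}" for d in dests for p in ports]
    stage2.append(" deny ip any any")
    return stage1, stage2


def entry_counts(subnets, dests, ports):
    """Permit entries needed: multiplicative (flat) vs additive (two-stage)."""
    flat = len(subnets) * len(dests) * len(ports)
    staged = len(subnets) + len(dests) * len(ports)
    return flat, staged


if __name__ == "__main__":
    print("entries flat/staged:", entry_counts(SUBNETS, DESTINATIONS, PORTS))
    for block in two_stage_acls(SUBNETS, DESTINATIONS, PORTS):
        print("\n".join(block))
```

The two lists are not equivalent to the flat one: stage 1 permits the listed subnets to any destination that is reachable without crossing the stage-2 interface, so both ACLs have to be reviewed together when auditing what is actually enforced.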
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:18 GMT-3