Group,
I have trouble translating these statements to ACLs.
1) All HTTP traffic coming from Vlan 34.
2) All HTTP traffic coming from R1 on Vlan 34.
3) All HTTP traffic coming from Web Server on Vlan 34.
4) All HTTP traffic going out to Vlan 34.
5) All HTTP traffic going out to Web Server on Vlan 34.
*Question is:*
Should I match both Source and Destination TCP port to 80, or just one of
them?
Assume Vlan 34 = 10.1.34.0/24, R1 = 10.1.34.1/24, WebServer = 10.1.34.100/24
My solutions for the above are:
a) Match source tcp port = 80 for incoming HTTP traffic
b) Match destination tcp port = 80 for outgoing HTTP traffic.
1) ip access-list extended V34_in
    permit tcp 10.1.34.0 0.0.0.255 eq www any
2) ip access-list extended V34_R1_in
    permit tcp 10.1.34.1 0.0.0.0 eq www any
3) ip access-list extended V34_WS_in
    permit tcp 10.1.34.100 0.0.0.0 eq www any
4) ip access-list extended V34_out
    permit tcp any 10.1.34.0 0.0.0.255 eq www
5) ip access-list extended V34_WS_out
    permit tcp any 10.1.34.100 0.0.0.0 eq www
Can someone please highlight the Source & Destination TCP ports for HTTP
traffic in both directions?
Thanks very much,
Naveen.
Received on Thu Apr 02 2009 - 11:14:07 ART
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART
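Added example (not part of the original post): a small Python model of how an extended ACL entry matches TCP packets, run over two constructed HTTP flows to show which side of each packet carries port 80. The peer addresses 10.1.12.2 and 192.0.2.10, the ephemeral ports, and all function and entry names are assumptions made for illustration.

```python
# Toy matcher for "permit tcp <src> [eq p] <dst> [eq p]" entries (illustrative only).
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Ace(NamedTuple):
    src: str                # base address, or "any"
    src_wild: str           # wildcard mask: 1-bits are "don't care"
    sport: Optional[int]    # None = no "eq" on the source side
    dst: str
    dst_wild: str
    dport: Optional[int]    # None = no "eq" on the destination side

def addr_match(addr, base, wild):
    if base == "any":
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wild))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def ace_match(ace, pkt):
    return (addr_match(pkt.src, ace.src, ace.src_wild)
            and addr_match(pkt.dst, ace.dst, ace.dst_wild)
            and ace.sport in (None, pkt.sport)
            and ace.dport in (None, pkt.dport))

ACES = {
    # permit tcp 10.1.34.0 0.0.0.255 eq www any
    "from_v34_sport": Ace("10.1.34.0", "0.0.0.255", 80, "any", "", None),
    # permit tcp any 10.1.34.0 0.0.0.255 eq www
    "to_v34_dport": Ace("any", "", None, "10.1.34.0", "0.0.0.255", 80),
    # permit tcp 10.1.34.0 0.0.0.255 any eq www
    "from_v34_dport": Ace("10.1.34.0", "0.0.0.255", None, "any", "", 80),
}

def matching_aces(pkt):
    return [name for name, ace in ACES.items() if ace_match(ace, pkt)]

# Constructed flows: an outside client browsing the Web Server, and R1 browsing an outside server.
REQ_TO_WS = Packet("10.1.12.2", 49152, "10.1.34.100", 80)
REPLY_FROM_WS = Packet("10.1.34.100", 80, "10.1.12.2", 49152)
REQ_FROM_R1 = Packet("10.1.34.1", 50000, "192.0.2.10", 80)
REPLY_TO_R1 = Packet("192.0.2.10", 80, "10.1.34.1", 50000)

if __name__ == "__main__":
    for p in (REQ_TO_WS, REPLY_FROM_WS, REQ_FROM_R1, REPLY_TO_R1):
        print(p, matching_aces(p))
```

In each flow only the server side uses port 80, so whether a packet leaving Vlan 34 has 80 as its source or destination port depends on whether the Vlan 34 host is the server or the client.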