RE: Classifying incoming vs outgoing HTTP traffic

From: Cisco Fanatic <ebay_products_at_hotmail.com>
Date: Thu, 2 Apr 2009 14:01:36 -0700

This is what I believe is right?

1) All HTTP traffic coming from Vlan 34.

   ip access-list extended V34_in
     permit tcp 10.1.34.0 0.0.0.255 eq www any

2) All HTTP traffic coming from R1 on Vlan 34.

   ip access-list extended V34_R1_in
     permit tcp host 10.1.34.1 eq www any

3) All HTTP traffic coming from Web Server on Vlan 34.

   ip access-list extended V34_WS_in
     permit tcp host 10.1.30.100 eq www any

4) All HTTP traffic going out to Vlan 34.

   ip access-list extended V34_out
     permit tcp any 10.1.30.0 0.0.0.255 eq www

5) All HTTP traffic going out to Web Server on Vlan 34.

   ip access-list extended V34_WS_out
     permit tcp any host 10.1.30.100 eq www

-Yuri

> >>
> >> On Thu, Apr 2, 2009 at 9:38 PM, naveen M S <navin.ms_at_gmail.com> wrote:
> >>
> >>> Thanks Divin. This is my understanding.
> >>>
> >>> WebClient---------------------------------WebServer
> >>>
> >>> 1) For Traffic flowing from Client to Server:
> >>> Src TCP port = Any
> >>> Dest TCP port = 80
> >>>
> >>> 2) For traffic flowing from Server to Client:
> >>> Src TCP port = 80
> >>> Dest TCP port = 80
> >>>
> >>> Is this correct ?
> >>>
> >>>
> >>> On Thu, Apr 2, 2009 at 11:19 AM, Divin Mathew John <divinjohn_at_gmail.com> wrote:
> >>>
> >>> > I think destination port would be more apt! Because to connect to a
> >>> > normal HTTP web server you would use port 80 to connect to the web
> >>> > server and not necessarily port 80 on your computer!
> >>> > Thanking You
> >>> >
> >>> > Yours Sincerely
> >>> >
> >>> > Divin Mathew John
> >>> > divinjohn_at_gmail.com
> >>> > divin_at_dide3d.com
> >>> > +91 9945430983
> >>> > +91 9846697191
> >>> > +974 5008916
> >>> > PGP PUBLIC KEY BLOCK @ http://www.dide3d.com/divin_Public_PGP_key.txt
> >>> > Sent from Bangalore, KA, India
> >>> >
> >>> > On Thu, Apr 2, 2009 at 11:44 PM, naveen M S <navin.ms_at_gmail.com> wrote:
> >>> >
> >>> >> Group,
> >>> >>
> >>> >> I have trouble translating these statements to ACLs.
> >>> >>
> >>> >> 1) All HTTP traffic coming from Vlan 34.
> >>> >> 2) All HTTP traffic coming from R1 on Vlan 34.
> >>> >> 3) All HTTP traffic coming from Web Server on Vlan 34.
> >>> >> 4) All HTTP traffic going out to Vlan 34.
> >>> >> 5) All HTTP traffic going out to Web Server on Vlan 34.
> >>> >>
> >>> >> *Question is:*
> >>> >> Should I match both Source and Destination TCP port to 80 (or) just
> >>> >> one of them ?
> >>> >> Assume Vlan 34 = 10.1.34.0/24, R1 = 10.1.34.1/24, WebServer =
> >>> >> 10.1.34.100/24
> >>> >>
> >>> >> My solutions for the above are:
> >>> >>
> >>> >> a) Match source tcp port = 80 for incoming HTTP traffic
> >>> >> b) Match destination tcp port = 80 for outgoing HTTP traffic.
> >>> >>
> >>> >> 1) ip access-list extended V34_in
> >>> >> permit tcp 10.1.34.0 0.0.0.255 eq www any
> >>> >>
> >>> >> 2) ip access-list extended V34_R1_in
> >>> >> permit tcp 10.1.34.1 0.0.0.0 eq www any
> >>> >>
> >>> >> 3) ip access-list extended V34_WS_in
> >>> >> permit tcp 10.1.30.100 0.0.0.0 eq www any
> >>> >>
> >>> >> 4) ip access-list extended V34_out
> >>> >> permit tcp any 10.1.30.0 0.0.0.255 eq www
> >>> >>
> >>> >> 5) ip access-list extended V34_WS_out
> >>> >> permit tcp any 10.1.30.100 0.0.0.0 eq www
> >>> >>
> >>> >> Can someone please highlight the Source & Destination TCP ports for
> >>> >> HTTP traffic in both directions ?
> >>> >>
> >>> >> Thanks very much,
> >>> >> Naveen.
> >>> >>
> >>> >>
> >>> >> Blogs and organic groups at http://www.ccie.net
> >>> >>
> >>> >>
> >>> _______________________________________________________________________
> >>> >> Subscription information may be found at:
> >>> >> http://www.groupstudy.com/list/CCIELab.html
Received on Thu Apr 02 2009 - 14:01:36 ART
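
Added example, not part of the original thread: a small evaluator for the five `permit tcp` entries exactly as posted in the message above, so each can be checked against a packet's source and destination address and port. The function names, the client address 192.0.2.10 and the ephemeral port 49152 are assumptions made for illustration; only the `permit tcp ... [eq port]` form used in the thread is handled.

```python
import ipaddress

ACLS = {  # entries copied from the message as posted
    "V34_in":     "permit tcp 10.1.34.0 0.0.0.255 eq www any",
    "V34_R1_in":  "permit tcp host 10.1.34.1 eq www any",
    "V34_WS_in":  "permit tcp host 10.1.30.100 eq www any",
    "V34_out":    "permit tcp any 10.1.30.0 0.0.0.255 eq www",
    "V34_WS_out": "permit tcp any host 10.1.30.100 eq www",
}
PORT_NAMES = {"www": 80}  # IOS keyword for TCP port 80

def ip(text):
    return int(ipaddress.IPv4Address(text))

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip(tok.pop(0)), 0
    return ip(first), ip(tok.pop(0))

def take_port(tok):
    """Consume an optional 'eq PORT'; None means the port is not checked."""
    if tok[:1] != ["eq"]:
        return None
    name = tok[1]
    del tok[:2]
    return PORT_NAMES[name] if name in PORT_NAMES else int(name)

def parse(line):
    tok = line.split()[2:]  # drop 'permit tcp'
    src, sport = take_addr(tok), take_port(tok)
    dst, dport = take_addr(tok), take_port(tok)
    return src, sport, dst, dport

def hit(ace, saddr, sp, daddr, dp):
    (sbase, swild), sport, (dbase, dwild), dport = ace
    # Wildcard bits set to 1 are "don't care", the inverse of a netmask.
    same = lambda a, base, wild: (ip(a) | wild) == (base | wild)
    return (same(saddr, sbase, swild) and same(daddr, dbase, dwild)
            and sport in (None, sp) and dport in (None, dp))

def classify(pkt):
    """Names of the ACLs whose entry matches (src, sport, dst, dport)."""
    return [name for name, line in ACLS.items() if hit(parse(line), *pkt)]

# Constructed packet: reply from port 80 on a Vlan 34 host to the assumed client.
REPLY = ("10.1.34.100", 80, "192.0.2.10", 49152)
```

`classify(REPLY)` returns `['V34_in']`. A constructed request to `10.1.34.100` port 80 matches none of the entries as posted, because the `_out` and `V34_WS_in` entries are written against 10.1.30.x.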
