A fast try:
access-list 101 permit tcp (vlan subnet) (vlan subnet re-mask) host 2.2.2.2
eq www
access-list 101 permit ip (vlan subnet) (vlan subnet re-mask) 172.0.0.0
0.255.255.255
access-list 101 deny ip any any
apply outbound to the VLAN subnet you are trying to control (i.e. VLAN 30)
Don't know what your VLAN is so that is the reason for the vlan labels
above.
Ed
""Wilson, Bradley"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Okay gang, this one's work-related so don't feel obligated to help. ;-) I
> think it's an interesting thought problem though:
>
> The Problem I'm Trying To Solve: allow access to a particular website
> (2.2.2.2) from users on a particular subnet. Do NOT allow them to access
> any *other* website. Allow them to access other resources within your
> internal network (172.0.0.0).
>
> Here's the ACL I came up with:
>
> access-list 101 permit ip any host 167.216.138.4
> access-list 101 deny tcp any eq www any
> access-list 101 permit ip any 172.0.0.0 0.255.255.255
> access-list 101 permit ip any any
>
> This list was created on an MSFC card running in a 6509 chassis, and has
> been applied to interface Vlan1 inbound (I tried outbound as well just for
> kicks). The (unintended) result is that users can access both the target
> website, as well as other websites on the Internet. Any ideas?
>
>
>
> Bradley J. Wilson
> CCNP CCDP MCSE NNCSS CNX MCT CTT
> EDS/Boston Scientific Account
> (508) 650-8739
> [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17698&t=17695
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
