you must also add
access-list 101 deny udp any any eq www
ron wrote:
> isn't it supposed to be:
>
> access-list 101 deny tcp any any eq www
>
> ron
> ----- Original Message -----
> From: "Wilson, Bradley"
> To: [EMAIL PROTECTED]
> Sent: Wed, 29 Aug 2001 12:03:33 -0400
> Subject: Work-related ACL problem [7:17695]
> Okay gang, this one's work-related so don't feel obligated to help. ;-) I
> think it's an interesting thought problem though:
>
> The Problem I'm Trying To Solve: allow access to a particular website
> (2.2.2.2) from users on a particular subnet. Do NOT allow them to access
> any *other* website. Allow them to access other resources within your
> internal network (172.0.0.0).
>
> Here's the ACL I came up with:
>
> access-list 101 permit ip any host 167.216.138.4
> access-list 101 deny tcp any eq www any
> access-list 101 permit ip any 172.0.0.0 0.255.255.255
> access-list 101 permit ip any any
>
> This list was created on an MSFC card running in a 6509 chassis, and has
> been applied to interface Vlan1 inbound (I tried outbound as well just for
> kicks). The (unintended) result is that users can access both the target
> website, as well as other websites on the Internet. Any ideas?
>
> Bradley J. Wilson
> CCNP CCDP MCSE NNCSS CNX MCT CTT
> EDS/Boston Scientific Account
> (508) 650-8739
> [EMAIL PROTECTED]
> --
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
>
________________________________________________________________________________
> Check any e-mail over the Web for free at MailBreeze
> (http://www.mailbreeze.com)
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17800&t=17695
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
