HI Friends need to allow 192.168.27.55 acl policey

  • 0
  • 1
  • Problem
  • Updated 4 years ago
This policy we need to allow IP:192.168.27.55 only.kindly Help as


Policy: test
entry Deny_53 {
if match all {
    source-address 192.168.53.0/24 ;
    destination-address 192.168.26.0/24 ;
}
then {
    deny  ;
    count Deny_53 ;
}
}
entry Deny_27 {
if match all {
    source-address 192.168.27.0/24 ;
    destination-address 192.168.26.0/24 ;
}
then {
    deny  ;
    count Deny_27 ;
}
}
entry Deny_51 {
if match all {
    source-address 192.168.51.0/24 ;
    destination-address 192.168.26.0/24 ;
}
then {
    deny  ;
    count Deny_51 ;
}
}
entry Permit {
if match all {
    source-address 0.0.0.0/0 ;
}
then {
    permit  ;
}
}
Number of clients bound to policy: 1
Client: acl bound once
Photo of Mohammed Jasheer

Mohammed Jasheer

  • 916 Points 500 badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hello Mohammed

I don't understand what you need to do.  I see the specific denies for the source and destination ranges.  Then you have an explicit permit which should let everything else through.

Do you need the specific  IP going to a specific host?

Thanks
P
Photo of Mohammed Jasheer

Mohammed Jasheer

  • 916 Points 500 badge 2x thumb
hallow Paul
                       I need allow specific host  access 192.168.26.0 network
(Edited)
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
ok so all we need to do is put two permits at the beginning of the policy something like this

entry Permit_26 {
if match all {
    source-address 192.168.27.55/32 ;
    destination-address 0.0.0.0/0 ;
}
then {
    permit ;
    count permit_26 ;
entry permit_26_2 {
if match all {
    source-address 0.0.0.0/0 ;
    destination-address 192.168.27.55/32 ;
}
then {
    permit  ;
    count  permit_26_2;


put these before the denies. this will allow traffic to and from that host

P
Photo of Mohammed Jasheer

Mohammed Jasheer

  • 916 Points 500 badge 2x thumb
thanks paul

that problem is solved