I want to block all outgoing traffic except to one IP, so that my VPN client can only access that IP.
What should I do with the access list?
Problem with access list
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Problem with access list
Please add the following three rules.
1. Allow the packet destined to the IP.
2. Allow the packet from the IP.
3. Deny all packets.
-
- Posts: 6
- Joined: Wed Aug 27, 2014 1:35 pm
Re: Problem with access list
thisjun wrote:
> Please add the following three rules.
>
> 1. Allow the packet destined to the IP.
> 2. Allow the packet from the IP.
> 3. Deny all packets.
It doesn't work! It makes the client unable to connect, as it denies the packets transferred to the client.
-
- Posts: 11
- Joined: Fri Sep 26, 2014 2:33 pm
Re: Problem with access list
Been going through this myself.
The problem with those 3 rules is that rule 3 discards everything, including DNS and DHCP requests!
Make sure you also allow to/from your DNS server and/or DHCP server over the correct port numbers.
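A small model of the rule ordering discussed in this thread, added here as an example and not part of any poster's message or of the VPN product's own code. It assumes the access list is evaluated top-down with the first matching rule deciding; all addresses and packets are constructed samples.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges), not from the thread.
TARGET, DNS, CLIENT = "203.0.113.10", "192.0.2.53", "10.0.0.20"

@dataclass
class Rule:
    action: str              # "pass" or "discard"
    src: str = "0.0.0.0/0"   # default matches any source
    dst: str = "0.0.0.0/0"   # default matches any destination
    proto: str = "any"
    sport: int = 0           # 0 matches any port
    dport: int = 0

def evaluate(rules, src, dst, proto, sport, dport):
    """Return the action of the first rule that matches the packet."""
    for r in rules:
        ip_ok = (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                 and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst))
        if ip_ok and r.proto in ("any", proto) and r.sport in (0, sport) and r.dport in (0, dport):
            return r.action
    return "discard"  # model choice: fail closed when nothing matches

# The three rules suggested in the thread, in order.
THREE_RULES = [Rule("pass", dst=TARGET), Rule("pass", src=TARGET), Rule("discard")]

# Same list with DNS and DHCP exceptions placed before the final deny-all.
WITH_EXCEPTIONS = THREE_RULES[:2] + [
    Rule("pass", dst=DNS, proto="udp", dport=53),    # DNS query
    Rule("pass", src=DNS, proto="udp", sport=53),    # DNS reply
    Rule("pass", proto="udp", sport=68, dport=67),   # DHCP client -> server
    Rule("pass", proto="udp", sport=67, dport=68),   # DHCP server -> client
    Rule("discard"),
]

# Constructed packets: (label, src, dst, proto, sport, dport)
PACKETS = [
    ("to target", CLIENT, TARGET, "tcp", 50000, 443),
    ("dns query", CLIENT, DNS, "udp", 50001, 53),
    ("dhcp discover", "0.0.0.0", "255.255.255.255", "udp", 68, 67),
    ("other host", CLIENT, "198.51.100.7", "tcp", 50002, 80),
]

def verdicts(rules):
    return {label: evaluate(rules, *pkt) for label, *pkt in PACKETS}

if __name__ == "__main__":
    print("three rules:    ", verdicts(THREE_RULES))
    print("with exceptions:", verdicts(WITH_EXCEPTIONS))
```

The exceptions only take effect because they sit above the final deny-all; appended after it, they would never be reached.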