Sanity Check - ACL

I have a Cisco 827-4V ADSL router and I want to add an incoming ACL to the ADSL interface that will block attempts to spoof traffic from my network addresses (i.e. so someone outside my network cannot send a packet to a host on my network if the packet claims to be from another host on my network).

My network numbers look kinda like this (the last octet of the Broadcast and also the Netmask are the real numbers):


My router occupies

Would the correct ACL be --> access-list 123 deny ip

I want to make sure before I put it in place.
LVL 34
Who is Participating?

Improve company productivity with a Business Account.Sign Up

bfarmerConnect With a Mentor Commented:
Looks right.  Just add the "any" on the end.  Also you don't mention if there will be any more to the ACL.  Remember there is an implicit deny ip any any in every ACL.

access-list 123 deny ip any
access-list 123 permit ip any any
You should probably block the other private IP subnets (192, 127, 10, etc.) on the outside interface as well.  
PsiCopAuthor Commented:
I don't disagree, but that wasn't my Question.
PsiCopAuthor Commented:

Yes, there will be an "any" at the end of the ACL line - I was checking the syntax of the network specification, wanted to make sure I had correctly translated the network information into Cisco's notation.

Yes, there is a lot more to the ACL, and plenty of specific "permits" to allow the things I need before explicit "deny ip any any log" at the end.
PsiCop - Ok, just wanted to make sure.  Your translation is correct.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.