PsiCop

Sanity Check - ACL

I have a Cisco 827-4V ADSL router and I want to add an incoming ACL to the ADSL interface that will block attempts to spoof traffic from my network addresses (i.e. so someone outside my network cannot send a packet to a host on my network if the packet claims to be from another host on my network).

My network numbers look kinda like this (the last octet of the Broadcast and also the Netmask are the real numbers):

Netmask: 255.255.255.192
Broadcast: 10.70.41.127

My router occupies 10.70.41.65

Would the correct ACL be --> access-list 123 deny ip 10.70.41.64 0.0.0.63

I want to make sure before I put it in place.
ASKER CERTIFIED SOLUTION
bfarmer

This solution is only available to members.
dgroscost

You should probably block the other private IP subnets (192, 127, 10, etc.) on the outside interface as well.  
PsiCop

ASKER

I don't disagree, but that wasn't my Question.
PsiCop

ASKER

bfarmer,

Yes, there will be an "any" at the end of the ACL line - I was checking the syntax of the network specification, wanted to make sure I had correctly translated the network information into Cisco's notation.

Yes, there is a lot more to the ACL, and plenty of specific "permits" to allow the things I need before the explicit "deny ip any any log" at the end.
PsiCop - Ok, just wanted to make sure.  Your translation is correct.
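
The translation checked in this thread, as an added example that is not part of the original posts: this Python sketch re-derives the network address and Cisco wildcard mask from the netmask and broadcast address in the question, builds the deny entry with the trailing `any` mentioned in the follow-up, and shows which source addresses the entry matches. The function names are hypothetical.

```python
import ipaddress


def antispoof_entry(acl_number, netmask, broadcast, inside_host):
    """Build the anti-spoofing deny line for the subnet described by
    netmask + broadcast, after checking the inputs agree with each other."""
    # strict=False lets us pass the broadcast address and have the
    # library mask it down to the network address.
    net = ipaddress.IPv4Network((broadcast, netmask), strict=False)
    if net.broadcast_address != ipaddress.IPv4Address(broadcast):
        raise ValueError(f"{broadcast} is not the broadcast of {net}")
    if ipaddress.IPv4Address(inside_host) not in net:
        raise ValueError(f"{inside_host} is not inside {net}")
    # A Cisco wildcard mask is the bitwise inverse of the netmask,
    # which ipaddress exposes as the network's hostmask.
    return (f"access-list {acl_number} deny ip "
            f"{net.network_address} {net.hostmask} any")


def wildcard_match(source, base, wildcard):
    """Return True if `source` matches `base` under a Cisco wildcard mask
    (wildcard bits set to 1 are ignored in the comparison)."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (source, base, wildcard))
    return ((s ^ b) & ~w & 0xFFFFFFFF) == 0


if __name__ == "__main__":
    # Values taken from the question above.
    print(antispoof_entry(123, "255.255.255.192", "10.70.41.127", "10.70.41.65"))
    # Sources the entry would and would not match on the outside interface.
    for src in ("10.70.41.65", "10.70.41.127", "10.70.41.128"):
        print(src, wildcard_match(src, "10.70.41.64", "0.0.0.63"))
```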