Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Access Control list to setup firewall internal to our network

Posted on 2006-10-19
6
Medium Priority
?
263 Views
Last Modified: 2013-11-16
We have a Police Department network which accesses services such as email, internet, file sharing/printing from the City Hall network.  I want to setup a firewall in such a way that the Police Department can access everything on the City Hall network.  I want nobody except the servers at City Hall be able to talk to servers at Police Department.

The Police Department is connected to City Hall using a fiber trunk.

The Police Department network is 172.22.0.0 and there gateway interface to City hall is 172.22.9.1

The City Hall network is 10.0.0.0 network.

Any help with a sample access list will greatly help.
0
Comment
Question by:rwcstaff
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 1

Accepted Solution

by:
Sean64 earned 500 total points
ID: 17770601
Here's a simple ACL (assuming all servers reside on 10.255.x.x subnetwork.
It would be helpfull to know what the subnet masks are at each site, as well as what type of firewall you're using to provide a better answer.

PERMIT 10.255.0.0 255.255.0.0 172.22.0.0 255.255.0.0
DENY ALL

0
 
LVL 3

Assisted Solution

by:tang_tzuchi
tang_tzuchi earned 500 total points
ID: 17771138
Hi,

Beside the ACL provided by Sean64, you can add another statement for all traffic Police Department to City Hall network:

PERMIT 172.22.0.0 255.255.0.0 10.0.0.0 255.0.0.0
PERMIT 10.255.0.0 255.255.0.0 172.22.0.0 255.255.0.0
DENY ALL
0
 

Author Comment

by:rwcstaff
ID: 17775025
Thanks Sean64 and Tang tzuchi.  Sean64, you had a question about the subnet mask on both sides.  It is 255.255.0.0.  Having said that will the ACL you are suggesting still valid.  Thanks.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question