Posted on 2009-02-16
I have to build ACLs to filter outgoing packets to 3 machines, from specific IPs. I have a monitor session set up like this:
Type : Local Session
Source Ports :
Both : Gi4/4,Gi4/6,Gi4/8-9
Destination Ports : Gi4/34-35,Gi4/38
I need to set up the ACLs at the destination ports, for a bunch of random IP numbers. I made a script to create the ACL lines for each IP, so that's not a problem. The issue is that my IOS version doesn't support interface-based extended ACLs (outgoing), only IP and MAC.
Here are some examples of the ACL lines I've created:
access-list 101 permit ip 172.30.4.54 0.0.0.0 172.19.169.44 0.0.0.0
access-list 101 permit ip 172.30.4.29 0.0.0.0 172.19.169.44 0.0.0.0
access-list 101 permit ip 172.30.4.30 0.0.0.0 172.19.169.44 0.0.0.0
It would work fine if I could set up an outgoing access-group filter with those, but I can't.
Is there any other way around this? I'm kinda new to ACLs, so I don't even know if that would be the best configuration.