<div>
The solution is pretty clear and mr Atlas_shuddered confirm the same point.
</div>


The solution is pretty clear and mr Atlas_shuddered confirm the same point.

<div>
<div class="content wysiwyg-content">
I use cisco3560<br />
I want to vlan A access vlan B with tcp protocol, and vlan B could not access &nbsp;vlan A. vlan A and vlan B could access internet.<br />
vlan A: 10.10.10.1/24 &nbsp;, vlan B: 10.10.20.1/24 <br />
<br />
ip access-list extend test<br />
permit tcp any 10.10.20.0 0.0.0.255 established<br />
permit ip any any<br />
<br />
interface &nbsp;vlan A<br />
ip access-group test out<br />
<br />
interface vlan B<br />
ip access-group test in<br />
<br />
but it seemed not worked, both can access internet , and access each other,<br />
&nbsp;it's my configuration problem ?
</div>
</div>


I use cisco3560
I want to vlan A access vlan B with tcp protocol, and vlan B could not access  vlan A. vlan A and vlan B could access internet.
vlan A: 10.10.10.1/24  , vlan B: 10.10.20.1/24 

ip access-list extend test
permit tcp any 10.10.20.0 0.0.0.255 established
permit ip any any

interface  vlan A
ip access-group test out

interface vlan B
ip access-group test in

but it seemed not worked, both can access internet , and access each other,
 it's my configuration problem ?

established acl in cisco 3560

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.