Tuesday, May 26, 2020

Router ACL question: why are outside source addresses only working on an outbound access list?

This should be a pretty simple question, but I just can't seem to figure it out. Network diagram is here. I've made an ACL that should allow packets incoming to Server A, from Server B, and drop all other incoming traffic. I do not want to restrict any outgoing traffic from Server A, and no other ACLs exist on the network.

This is an Extreme/Enterasys router, but the syntax and logic for ACLs is the same as Cisco. Here's the ACL:

Standard IP access list Vlan25-Inoming
    1 permit host 10.1.18.123 log

When I apply this ACL to the Inbound side of interface 10.1.25.1, Server A and B cannot communicate. When I apply it to the Outbound side, it works as expected.

The format for the ACL is permit [source], so how does it make sense that Server B's address could be a source outbound from 10.1.25.20? My understanding is that a ping from Server B would hit the Inbound interface of 10.1.25.1, and the Source of that packet would be Server B.

What am I missing here?

Thanks!
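The following is an added example, not part of the post above, that simulates how a standard (source-only) ACL is evaluated on a router interface in each direction. It assumes the Cisco-style semantics the post says apply: an ACL applied "in" is checked on packets entering the router from that interface's network, and one applied "out" is checked on packets leaving the router toward that network. The addresses are taken from the post (10.1.25.1 is the VLAN 25 gateway, 10.1.25.20 is Server A, 10.1.18.123 is Server B); the interface names and the two-interface router are constructed for the simulation.

```python
"""Constructed simulation of standard-ACL evaluation in the 'in' and 'out'
directions on a router interface. Not the vendor's code; the addresses follow
the question above, the router model is an assumption for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Optional

SERVER_A = "10.1.25.20"    # VLAN 25 host, reached through the 10.1.25.1 interface
SERVER_B = "10.1.18.123"   # VLAN 18 host


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    source: str   # a host address, or "any"

    def matches(self, pkt: Packet) -> bool:
        # A standard ACL looks only at the source address.
        return self.source == "any" or self.source == pkt.src


def evaluate(acl: List[Rule], pkt: Packet) -> bool:
    """First matching entry wins; every ACL ends with an implicit 'deny any'."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action == "permit"
    return False


@dataclass
class Interface:
    name: str
    prefix: str                           # network this interface faces, e.g. "10.1.25."
    acl_in: Optional[List[Rule]] = None   # checked on packets entering the router here
    acl_out: Optional[List[Rule]] = None  # checked on packets leaving the router here

    def faces(self, addr: str) -> bool:
        return addr.startswith(self.prefix)


def forward(interfaces: List[Interface], pkt: Packet) -> bool:
    """Route pkt through the router. The interface facing pkt.src is the
    ingress, the one facing pkt.dst is the egress. Inbound ACLs apply at the
    ingress, outbound ACLs at the egress; a packet must pass both."""
    ingress = next(i for i in interfaces if i.faces(pkt.src))
    egress = next(i for i in interfaces if i.faces(pkt.dst))
    if ingress.acl_in is not None and not evaluate(ingress.acl_in, pkt):
        return False
    if egress.acl_out is not None and not evaluate(egress.acl_out, pkt):
        return False
    return True


def ping_exchange(direction: str) -> Dict[str, bool]:
    """Apply 'permit host <Server B>' on the VLAN 25 interface in the given
    direction ('in' or 'out') and report whether each half of a ping from
    Server B to Server A gets through the router."""
    acl = [Rule("permit", SERVER_B)]
    vlan25 = Interface("Vlan25", "10.1.25.",
                       acl_in=acl if direction == "in" else None,
                       acl_out=acl if direction == "out" else None)
    vlan18 = Interface("Vlan18", "10.1.18.")   # no ACLs anywhere else
    router = [vlan25, vlan18]
    return {
        "echo request B->A": forward(router, Packet(SERVER_B, SERVER_A)),
        "echo reply A->B": forward(router, Packet(SERVER_A, SERVER_B)),
    }


if __name__ == "__main__":
    for direction in ("in", "out"):
        print(direction, ping_exchange(direction))
```

Run as a script it prints the result for both placements. With the ACL applied "in" on the VLAN 25 interface, the echo request from Server B arrives on the VLAN 18 interface and is never checked against it, but Server A's reply enters the router on the VLAN 25 interface with Server A as its source, matches nothing, and falls to the implicit deny. Applied "out", the only packets checked are those leaving toward VLAN 25, whose source is Server B, so both halves of the ping pass.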
