I have 2 subnets, 10.x and 1.x, with a router between them.
I have a PIX on the 1.x network that does the NATing for both the 10 and 1 networks to access the internet.
I want 2 computers from the 10.x network to be able to access the 1.x computers, but do not want the 1.x computers to access the 10.x computers.
Here is the access list that I have right now:
interface Ethernet0
ip address 192.168.1.254 255.255.255.0
ip access-group 100 out
no ip directed-broadcast
no ip proxy-arp
no cdp enable
!
interface Ethernet1
ip address 192.168.10.1 255.255.255.0
no ip directed-broadcast
no ip proxy-arp
no cdp enable
!
no ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1 permanent
logging buffered 4096 debugging
no logging console
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any host 192.168.1.1
access-list 100 permit ip any host 192.168.1.199
access-list 100 permit ip host 192.168.10.29 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.10.35 192.168.1.0 0.0.0.255
access-list 100 permit ip any 192.168.100.0 0.0.0.255
access-list 100 deny ip any 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
I was thinking I need to create a 101 access-group deny any INCOMING.
Any ideas?
Thanks
Bill
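Added example, not part of the original post: a small evaluator that runs the posted access-list 100 with first-match semantics, as it is applied outbound on Ethernet0. It assumes standard IOS extended-ACL behaviour (first match wins, wildcard masks, implicit deny at the end) and parses only the "permit|deny ip" forms used in the post; the helper names and the sample packets are constructed for illustration.

```python
import ipaddress
# access-list 100 exactly as posted; it is applied "out" on Ethernet0
ACL_100 = """\
access-list 100 permit ip any host 192.168.1.1
access-list 100 permit ip any host 192.168.1.199
access-list 100 permit ip host 192.168.10.29 192.168.1.0 0.0.0.255
access-list 100 permit ip host 192.168.10.35 192.168.1.0 0.0.0.255
access-list 100 permit ip any 192.168.100.0 0.0.0.255
access-list 100 deny ip any 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            continue  # not a 'permit|deny ip' entry
        rest = tok[4:]
        rules.append((tok[2], _take_addr(rest), _take_addr(rest), line.strip()))
    return rules

def _match(addr, spec):
    care = ~spec[1] & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (addr & care) == (spec[0] & care)

def evaluate(rules, src, dst):
    """First matching entry decides; no match means the implicit deny."""
    for action, s, d, line in rules:
        if _match(_ip(src), s) and _match(_ip(dst), d):
            return action, line
    return "deny", "(implicit deny)"

RULES = parse_acl(ACL_100)
# Constructed packets as they would leave Ethernet0 (source, destination)
for src, dst in [("192.168.10.29", "192.168.1.50"), ("192.168.10.40", "192.168.1.50")]:
    print(src, "->", dst, *evaluate(RULES, src, dst))
```

Traffic from 192.168.1.0/24 toward 192.168.10.0/24 enters Ethernet0 and leaves Ethernet1, so a list applied "out" on Ethernet0 is never consulted for it. The list only decides what may leave toward the 1.x side, which includes replies coming back from 10.x hosts.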