Newbie to ACL's

Status
Not open for further replies.

grimmy26

Technical User
Oct 27, 2003
126
AU
Hi, I have the following setup as an example and just wanted to run my ACL list by you guys to see if my understanding is on the correct track.

R1 connected by serial to R2 via 192.168.1.0
R1 has 192.168.4.0 going to Support Network
R1 has 192.168.2.0 going to Sales Network

R2 has 192.168.3.0 going to HR Network
R2 has 192.168.5.0 going to Finance Network

First objective is to deny access to Finance Network from the HR Network and all others should be permitted. So my ACL I have come up with is:-

access-list 10 deny 192.168.3.0
access-list 10 permit any
ip access-group 10 in
And I would apply this to the Finance interface as that is the closest to the destination.

Am I understanding it correctly???

Second objective is to write an extended Access list to permit access to sales from the lower half of the address range 2-127 of HR network. All other accesses should be denied. So what I have come up with for this is:-

access-list 110 permit 192.168.3.0 0.0.127.255
access-list 110 deny any
ip access-group 110 out

I would put this on the HR interface as this is closest to the source.

Any comments would be much appreciated.


MCSE NT4, 2000, 2003
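
Added example (not part of the original post): a small Python model of IOS wildcard-mask matching, run against the source-address part of the two ACLs above, to show which hosts each entry actually matches. It assumes an entry with no wildcard is a host match (0.0.0.0), that `any` is 0.0.0.0 255.255.255.255 and that each network is a /24; the comparison masks 0.0.0.255 and 0.0.0.127 and the sample hosts are constructed here, and protocol, destination and interface direction are not modelled.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def evaluate(acl, src):
    """First matching entry decides; no match falls to the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")

# Entries as posted. "deny 192.168.3.0" carries no wildcard, so it is
# modelled as a host entry (wildcard 0.0.0.0).
ACL_10_AS_POSTED = [("deny", "192.168.3.0", "0.0.0.0"), ("permit", *ANY)]
ACL_110_AS_POSTED = [("permit", "192.168.3.0", "0.0.127.255"), ("deny", *ANY)]

# Constructed for comparison (assumption: every network is a /24).
ACL_10_SUBNET = [("deny", "192.168.3.0", "0.0.0.255"), ("permit", *ANY)]
# 0.0.0.127 covers 192.168.3.0-127, the bit-aligned block around hosts 2-127.
ACL_110_LOWER_HALF = [("permit", "192.168.3.0", "0.0.0.127"), ("deny", *ANY)]

# Constructed sample hosts: HR lower half, HR upper half, Support.
SAMPLE_HOSTS = ["192.168.3.25", "192.168.3.200", "192.168.4.10"]

def compare(acls, hosts=SAMPLE_HOSTS):
    """Return {acl_name: {host: action}} for each named ACL."""
    return {name: {h: evaluate(acl, h) for h in hosts}
            for name, acl in acls.items()}

if __name__ == "__main__":
    table = compare({
        "10 as posted": ACL_10_AS_POSTED,
        "10 with 0.0.0.255": ACL_10_SUBNET,
        "110 as posted": ACL_110_AS_POSTED,
        "110 with 0.0.0.127": ACL_110_LOWER_HALF,
    })
    for name, row in table.items():
        print(f"{name:20}", row)
```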