restrict acess to internal site to allow only a couple of external ips

[kevwiener]

so basically what i want to do it restrict access to a internal website to only my remote offices public ips so that they can still access the site for testing without having to be on the vpn.

would this work

access-list 101 permit tcp 80 theirpublicip host WebsitepublicIP eq www

thanks
kevin

 

[VinceWhirlwind]

An access list can restrict connections in the way you need, assuming there's no NAT you haven't taken into consideration.

Having said that, if you are in charge of a Hub & Branch WAN, then I would *really* *really* recommend you be using a stateful firewall on any public-facing connection. Access lists just don't really cut it. And a stateful firewall usually includes additional services like IDP and built-in VPN and whatnot these days. Your client will be much safer.

 

[kevwiener]

another firewall isnt an option the company is as tight as a ducks arse so will have to make do with the equipment in place, so really need to know if the above statement would work

kev

 

[VinceWhirlwind]

Roughly, your statement will actually look more like:

permit tcp host 1.1.1.1 host 5.5.5.5 eq www