For a Dial In client to communicate with a host on the LAN, it must be able to both send and receive data.
Two filters have to be created: one to permit data sent to the LAN host and one to permit data received from the LAN host. The Perle is then configured to deny communication with all other hosts.
This is achieved by:
- Add a new filter. Set the Action as Accept, with Source address blank and Destination address as the LAN host. Leave the filter mask at 255.255.255.255 and Protocol to none.
- Add another filter. Set the Action as Accept, with Source address as the LAN host and Destination address blank. Leave the filter mask at 255.255.255.255 and Protocol to none.
- Then add both filters to the assignment list and set the Default Action as Deny.
With this filter arrangement, all IP packets addressed to the LAN host (the Destination of the first filter) and all IP packets sent by the LAN host (the Source of the second filter) are permitted. Because the protocol is set to none and the other address field is left blank, each filter matches on the LAN host's address alone, so any IP protocol from any dial-in address to that host is accepted.
All other packets are denied.
On the 833IS the configuration file will appear as in this example:
ip access-list extended from
permit ip host 18.104.22.168 any
ip access-list extended to
permit ip any host 22.214.171.124
As soon as a packet matches one of the assigned filters, the packet is accepted or rejected according to that filter's Action and no further filters are checked. If the packet does not match any assigned filter, the Default Action is carried out.
The packet address is logically ANDed with the filter mask, and the result is compared with the filter address ANDed with the same mask. A filter mask of 255.255.255.255 therefore matches one host exactly, while a shorter mask such as 255.255.0.0 matches every address in that network. For a filter address of 10.6.0.0 with mask 255.255.0.0:
10.6.0.0 AND 255.255.0.0 = 10.6.0.0
10.6.135.165 AND 255.255.0.0 = 10.6.0.0
After the filter mask is applied both addresses are equal, so the packet matches.
10.36.99.235 AND 255.255.0.0 = 10.36.0.0
After the filter mask is applied the addresses are not equal, so the packet does not match.
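The following Python model of the filter evaluation is an added example, not part of the Perle documentation or the 833IS firmware. It implements the two rules described above: each address field is ANDed with the filter mask before comparison (a blank field matches any address), and the first matching filter decides the packet's fate, with the Default Action applied when nothing matches. The LAN host address 10.6.135.165 and the dial-in client address 192.168.50.7 are constructed for illustration; the example also goes beyond the page's host-only filters by showing a network-wide mask of 255.255.0.0.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Filter:
    """One Perle-style IP filter (example model, not the device's data format)."""
    action: str                       # "accept" or "deny"
    source: Optional[str]             # None = field left blank = matches any address
    destination: Optional[str]        # None = field left blank = matches any address
    mask: str = "255.255.255.255"     # default host mask, as in the procedure above


def masked(addr: str, mask: str) -> int:
    """Logically AND an IPv4 address with a filter mask."""
    return int(ipaddress.IPv4Address(addr)) & int(ipaddress.IPv4Address(mask))


def field_matches(packet_addr: str, filter_addr: Optional[str], mask: str) -> bool:
    """A blank filter field matches anything; otherwise compare both sides after the mask."""
    if filter_addr is None:
        return True
    return masked(packet_addr, mask) == masked(filter_addr, mask)


def evaluate(filters: List[Filter], default_action: str, src: str, dst: str) -> str:
    """First matching filter wins and stops the search; no match -> Default Action."""
    for f in filters:
        if field_matches(src, f.source, f.mask) and field_matches(dst, f.destination, f.mask):
            return f.action
    return default_action


# Constructed addresses for the example (not from the original page).
LAN_HOST = "10.6.135.165"
DIALIN_CLIENT = "192.168.50.7"
OTHER_LAN_HOST = "10.6.135.166"

# The two Accept filters from the procedure, with Default Action Deny.
ASSIGNED = [
    Filter("accept", None, LAN_HOST),      # "to":   permit ip any host LAN_HOST
    Filter("accept", LAN_HOST, None),      # "from": permit ip host LAN_HOST any
]
DEFAULT_ACTION = "deny"

# A wider filter: one Accept for the whole 10.6.0.0/16 network.
NETWORK_FILTER = [Filter("accept", None, "10.6.0.0", "255.255.0.0")]


def demo() -> dict:
    """Return the decisions for a few representative packets."""
    return {
        "client_to_lan_host": evaluate(ASSIGNED, DEFAULT_ACTION, DIALIN_CLIENT, LAN_HOST),
        "lan_host_to_client": evaluate(ASSIGNED, DEFAULT_ACTION, LAN_HOST, DIALIN_CLIENT),
        "client_to_other_host": evaluate(ASSIGNED, DEFAULT_ACTION, DIALIN_CLIENT, OTHER_LAN_HOST),
        "client_to_10_6_net": evaluate(NETWORK_FILTER, "deny", DIALIN_CLIENT, "10.6.135.165"),
        "client_to_10_36_net": evaluate(NETWORK_FILTER, "deny", DIALIN_CLIENT, "10.36.99.235"),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Note that the first filter's blank Source means any address, not only the dial-in client, is accepted towards the LAN host; if that is too broad, put the client's address (or the dial-in address pool with a suitable mask) in the Source field.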