The vpn-filter ACL is written from the remote side's point of view: the remote address and port come first, then the local address and port:
access-list VPN-FILTER permit {remote-IP} [remote-Port] {local-IP} [local-Port]
Examples:
LOCAL  192.168.1.0/24 ---------------- 10.0.0.0/24  REMOTE
LOCAL:  192.168.1.0/24
REMOTE: 10.0.0.0/24
1. Allows the REMOTE network to reach the LOCAL network on port 80:
10.0.0.0/24 > 192.168.1.0/24 via 80
Source        Destination     Destination Port
10.0.0.10     192.168.1.10    80
access-list VPN-FILTER permit tcp 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 80
2. Allows the LOCAL network to Telnet to the REMOTE network (the port sits on the remote side, because the remote side is the destination):
192.168.1.0/24 > 10.0.0.0/24 via 23
Source        Destination     Destination Port
192.168.1.10  10.0.0.10       23
access-list VPN-FILTER permit tcp 10.0.0.0 255.255.255.0 eq 23 192.168.1.0 255.255.255.0
3. Allows the REMOTE network to Telnet to the LOCAL network (the port sits on the local side, because the local side is the destination):
10.0.0.0/24 > 192.168.1.0/24 via 23
Source        Destination     Destination Port
10.0.0.10     192.168.1.10    23
access-list VPN-FILTER permit tcp 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 23
Verify:
show asp table filter [access-list ] [hits]
    access-list   Show the installed filter for the named access-list
    hits          Show only filter rules with non-zero hit counts
clear asp table filter [access-list ]
    access-list   Clear hit counters only for the specified access-list