Access List configuration on Cisco 2600

[seong76]

I am new to cisco. I do have good knowledge of TCP/IP. I have a LAN with one Cisco 2600 router and 1 switch, with about 50 computers. All the workstations have public static IPs. The LAN doesn't have any security devices or softwares. I want to setup the access list to only allow 6 ports to two of the Windows2000 servers. I need some baby steps on how I should go about doing this. I thank you inadvance for any input.

 

[seong76]

I want to only allow ports 1001,1002,1433,5631,5632. For the servers. And for the workstations, I want to block all external requests.

 

[seong76]

access-list 1 permit tcp any host 8.4.46.66 eq 1433
access-list 1 permit tcp any host 8.4.46.110 eq 1433
access-list 1 permit tcp any host 8.4.46.66 eq 1001
access-list 1 permit tcp any host 8.4.46.110 eq 1001
access-list 1 permit tcp any host 8.4.46.66 eq 5631
access-list 1 permit tcp any host 8.4.46.110 eq 5631
access-list 1 permit udp any host 8.4.46.66 eq 5632
access-list 1 permit udp any host 8.4.46.110 eq 5632


Will this work???

 

[ChrisAC]

Why on earth do all your workstations have public IP's?? This is really bad practice and you should be using a private addressing scheme with a NAT device (router or firewall). If nothing else it's a terrible waste of IP addresses!At worst it's a huge security problem.

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[seong76]

I understand that it is a very bad parctice to have public IP on all the workstations. The public IP was assigned to all the workstations before I was assigned to this company. I was told to implement security with out having to buy extra equipment. I figured, the access list is the way to do this.

Thanks for the reply