GeneralDzur
Technical User
Hey, me again. About to apply this ACL. Would this block internet traffic? The xx.xx.195.242 /29 is the router's internet-facing interface. ACLs are applied before NAT is performed, right? Upgrading to a PIX firewall is not an option as the router does not have any internal flash memory.
- stephan
! access-list 102 - Perimeter inbound (e1/0 in)
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 169.254.0.0 0.0.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny udp any any range 135 139
access-list 102 deny tcp any any range 135 139
access-list 102 deny tcp any any range 8000 8001
access-list 102 deny tcp any any eq telnet
access-list 102 deny icmp any any
access-list 102 permit tcp any xx.xx.195.242 0.0.0.0
access-list 102 permit udp any xx.xx.195.242 0.0.0.0
access-list 102 permit tcp any any range 1024 4000 est
access-list 102 permit tcp any any eq 80
access-list 102 permit tcp any any eq 443
access-list 102 permit tcp any any eq 995
access-list 102 permit udp any any eq 995
access-list 102 permit tcp any any eq 554
access-list 102 permit udp any any eq 554
access-list 102 permit udp any any eq 7336
access-list 102 permit udp any any eq 34781
access-list 102 permit tcp any any eq 53
access-list 102 permit udp any any eq 53
access-list 102 permit udp any any eq 370
access-list 102 permit tcp any any eq 110
access-list 102 permit udp any any eq 110
access-list 102 permit tcp any any eq 25
access-list 102 permit tcp any any range 20 21
access-list 102 permit udp any any eq 20
access-list 102 permit tcp any any eq 23 est
access-list 102 permit tcp any any eq 522
access-list 102 permit udp any any range 5004 5005
access-list 102 permit tcp any any range 8002 8003
access-list 102 permit tcp any any eq 8080
access-list 102 permit tcp any any eq 143
access-list 102 permit udp any any eq 143
access-list 102 permit tcp any any eq 194
access-list 102 permit udp any any eq 194
access-list 102 permit tcp any any eq 363
access-list 102 permit udp any any eq 363
access-list 102 permit tcp any any eq 389
access-list 102 permit tcp any any eq 537
! implicit deny
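
An added example (not part of the original post): a small Python model of first-match ACL evaluation, run over a subset of the entries above, that also reports entries an earlier entry makes unreachable. The entries using the redacted xx.xx address are left out, the parser handles only the syntax forms in this subset, and the sample packets are constructed.

```python
import ipaddress

# Constructed subset of the posted ACL; entries using the redacted xx.xx address are omitted.
ACL = """access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny tcp any any eq telnet
access-list 102 deny icmp any any
access-list 102 permit tcp any any range 1024 4000 est
access-list 102 permit tcp any any eq 80
access-list 102 permit udp any any eq 53
access-list 102 permit tcp any any eq 23 est"""
NAMED_PORTS = {"telnet": 23}

def parse(line):
    action, proto, *t = line.split()[2:]            # drop "access-list 102"
    src = None                                      # None means "any"
    if t[0] != "any":                               # address + wildcard mask
        src, t = ipaddress.ip_network(f"{t[0]}/{t[1]}"), t[1:]
    t = t[2:]                                       # skip rest of source and the "any" destination
    est = bool(t) and t[-1] == "est"
    ports = None                                    # None means "all destination ports"
    if t and t[0] in ("eq", "range"):
        nums = [int(NAMED_PORTS.get(p, p)) for p in t[1:3 if t[0] == "range" else 2]]
        ports = (nums[0], nums[-1])
    return {"action": action, "proto": proto, "src": src, "ports": ports, "est": est}

RULES = [parse(l) for l in ACL.splitlines()]

def matches(r, pkt):
    return (r["proto"] in ("ip", pkt["proto"])
            and (r["src"] is None or ipaddress.ip_address(pkt["src"]) in r["src"])
            and (r["ports"] is None or r["ports"][0] <= pkt["dport"] <= r["ports"][1])
            and (not r["est"] or pkt["ack"]))       # "est" needs ACK or RST set

def evaluate(pkt):
    """First matching entry wins; nothing matching falls to the implicit deny."""
    for i, r in enumerate(RULES):
        if matches(r, pkt):
            return i, r["action"]
    return None, "deny"

def shadowed():
    """Entries that can never match because an earlier entry covers all their traffic."""
    def covers(a, b):
        return (a["proto"] in ("ip", b["proto"])
                and (a["src"] is None or (b["src"] is not None and b["src"].subnet_of(a["src"])))
                and (a["ports"] is None or (b["ports"] is not None
                     and a["ports"][0] <= b["ports"][0] and b["ports"][1] <= a["ports"][1]))
                and (not a["est"] or b["est"]))
    return [(j, i) for j, b in enumerate(RULES) for i, a in enumerate(RULES[:j]) if covers(a, b)]
```

In this subset `shadowed()` returns `[(6, 1)]`: the `permit tcp any any eq 23 est` entry can never match because `deny tcp any any eq telnet` comes first.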