
Help with Access Control List - 2500

Status
Not open for further replies.

GregSnider

I want to restrict traffic so that ports 443 and 1723 can pass inbound to a specific IP address and everything else is denied. Also, ports 25 and 53 can pass outbound from the specific IP address and everything else is denied. I don't know much about ACL commands, please help me out.

 
GregSnider,

First off, you need to use an extended access list, which is in the range of 100-199.

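(inbound access list)
! A.B.C.D E.F.G.H is read here as the specific IP address and its wildcard mask
! (0.0.0.0 for a single host); "eq <port>" requires tcp or udp, not ip
access-list 100 permit tcp any A.B.C.D E.F.G.H eq 443
access-list 100 permit tcp any A.B.C.D E.F.G.H eq 1723
access-list 100 deny ip any any

(outbound access list)
! SMTP is TCP 25; DNS uses UDP 53, and TCP 53 for large replies and zone transfers
access-list 101 permit tcp A.B.C.D E.F.G.H any eq 25
access-list 101 permit udp A.B.C.D E.F.G.H any eq 53
access-list 101 permit tcp A.B.C.D E.F.G.H any eq 53
access-list 101 deny ip any any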

You'll need to apply these to each interface that they apply to. For example:

interface e0
ip access-group 100 in

interface e1
ip access-group 101 out



"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts
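
How the inbound list in the answer above is evaluated, as an added example that is not part of the original thread: a first-match evaluator for the subset of extended-ACL syntax used here, written with tcp entries (the form IOS accepts with eq). The address 192.0.2.10 and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: 192.0.2.10 stands in for the thread's placeholder A.B.C.D.
ACL_100 = """\
access-list 100 permit tcp any host 192.0.2.10 eq 443
access-list 100 permit tcp any host 192.0.2.10 eq 1723
access-list 100 deny ip any any
"""

def take_addr(tokens):
    """Consume 'any', 'host X' or 'X wildcard'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used in ACL_100 into rule dicts."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        action, proto = tokens[2], tokens[3]
        rest = tokens[4:]
        src, dst = take_addr(rest), take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append({"action": action, "proto": proto, "src": src, "dst": dst, "port": port})
    return rules

def addr_match(addr, spec):
    """Wildcard bits set to 1 are ignored, as in IOS wildcard masks."""
    base, wildcard = spec
    return (int(ipaddress.IPv4Address(addr)) | wildcard) == (base | wildcard)

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; no match at all means the implicit deny."""
    for rule in rules:
        if rule["proto"] not in ("ip", proto):
            continue
        if rule["port"] is not None and rule["port"] != dport:
            continue
        if addr_match(src, rule["src"]) and addr_match(dst, rule["dst"]):
            return rule["action"]
    return "deny"
```

Port 1723 is the PPTP control channel, while PPTP's data travels as GRE (IP protocol 47); `evaluate(parse_acl(ACL_100), "gre", "198.51.100.7", "192.0.2.10")` returns `deny`, so a list like this one needs its own entry for GRE if the tunnel is meant to work.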
 