How to Implement this Access-list

kmcelroy · Mar 21, 2003

I have a 3662 router with the following:

Serial 0/1 Connection to Internet
F0/0 Connection to Switch for LAN Use

My company wants to block the use of MSN Messenger to certain workstations. So I set the following up and it doesn't work:

access-list 103 deny tcp host 192.168.0.101 any eq 1863 access-list 103 permit ip any any

applied it to F0/0 as ip access-group 103 out

Can any help me with this one?

brontosaurus · Mar 21, 2003

isn't the IP address going to get NAT'd prior to leaving via that interface? Perhaps you should apply that list to the "inside" interface?

kmcelroy · Mar 21, 2003

The IP is just made up, I am using a public address that requires not to be translated

baddos · Mar 21, 2003

MSN Messenger will use TCP port 80 if it can't use it's regular port. The only way to block MSN messenger is to get a hold of the messenger server's IP addresses and block them that way.

brontosaurus · Mar 21, 2003

thanks baddos, good to know.
If it's any help, I believe MSN Messenger servers are on the 64.4.0.0/18 network...

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

How to Implement this Access-list

kmcelroy

ISP

brontosaurus

MIS

kmcelroy

ISP

baddos

MIS

brontosaurus

MIS

Similar threads

Part and Inventory Search

Sponsor