Allow only one specific IP to access a port

tolgatanriverdi
Level 1

Hi

I want to add an access-list rule to configure my Cisco 1720 router so that only the IP address 212.146.145.105 has access to port number 2002.

So I tried to think of an ACL like this:

access-list 101 deny tcp any any eq 2002

access-list 101 permit tcp 212.146.145.105 0.0.0.0 any eq 2002

access-list 101 permit ip any any

Is there anything wrong with that?

10 Replies

ycae
Level 1

Hi,

As you did it, you will always deny everything going to port 2002.

Do it like this:

access-list 101 permit tcp 212.146.145.105 0.0.0.0 any eq 2002

access-list 101 deny tcp any any eq 2002

access-list 101 permit ip any any

If you put your deny on the first line, you will deny all connections to 2002 since it is the first match. By putting the second line as the first line, it will allow the station to connect to port 2002, then you deny all other connections to port 2002, and then you permit all the rest.

Yves

(rate if helpful)

I made it like this, but it didn't work: everyone is able to access port 2002, but I want only the IP 212.146.145.105 to access that port.

access-list 101 permit tcp 212.146.145.105 0.0.0.0 any eq 2002

access-list 101 deny tcp any any eq 2002

access-list 101 permit ip any any

config terminal

interface ethernet0

ip access-group 101 in

Is the IP 212.146.145.105 inside your LAN?

Do you want to block outgoing access to 2002 from inside your LAN?

To troubleshoot, try the log keyword at the end of the blocking line:

access-list 101 permit tcp 212.146.145.105 0.0.0.0 any eq 2002

access-list 101 deny tcp any any eq 2002 log

access-list 101 permit ip any any

No, my IP address is 212.50.35.97; the 212.146.145.105 IP is outside of my LAN, and I want it to access port 2002 on my network.

Is the IP 212.146.145.105 on the Internet?

If that is the case, is there any specific server on your network that you want 212.146.145.105 to access on port 2002?

You could be exposing all your servers to the Internet. This is a security risk.

No, I have an ISA server behind that router, so everything is under control. I opened a port to a specific server on my network from the ISA server, but the ISA server doesn't support IP checking. So I have to configure the router so that it will not allow anyone besides 212.146.145.105 to reach port 2002.

P.S.: Our router doesn't have any access-list besides the one I wrote for this port thing; it allows everyone to pass by.

Sorry, NAT is not the right word. You would have published the server, right?

I believe the ACL would work better with a 32-bit subnet rather than a 0-bit one. You are telling it to allow anything in with that mask. Try 255.255.255.255 instead of 0.0.0.0.

255.255.255.255 would mean all hosts.

(This is used only in routes.)
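As an added illustration (not part of the thread, and not router code), the following Python model shows two things the replies above argue about: that IOS evaluates an extended access list top to bottom and stops at the first matching line, with an implicit deny after the last configured line, and that a wildcard mask of 0.0.0.0 matches exactly one host while 255.255.255.255 matches every host (the reverse of a subnet mask). It parses the exact access-list lines from this thread and runs the original ordering and Yves's reordering against constructed packets. The addresses 212.146.145.105 and 212.50.35.97 come from the thread; 198.51.100.7 is a made-up "some other Internet host". The parser only understands the keywords used in this thread (permit/deny, ip/tcp, any, host, eq, log).

```python
"""Model of Cisco IOS extended-ACL evaluation for the lines in this thread.
First matching entry wins; an implicit 'deny ip any any' follows the last one.
Added example, not code from the thread or from IOS."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Ace:
    """One access-list entry (ACE)."""
    action: str              # "permit" or "deny"
    proto: str               # "ip" matches every protocol; otherwise e.g. "tcp"
    src: str                 # source address (dotted quad)
    src_wild: str            # source wildcard mask
    dst: str                 # destination address
    dst_wild: str            # destination wildcard mask
    dst_port: Optional[int]  # set when "eq <port>" follows the destination
    log: bool                # trailing "log" keyword present


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit in the mask must match the base
    address bit, a 1 bit is ignored. So 0.0.0.0 means exactly one host and
    255.255.255.255 means any address."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def _parse_addr(t: List[str], i: int) -> Tuple[str, str, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' starting at t[i]."""
    if t[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if t[i] == "host":
        return t[i + 1], "0.0.0.0", i + 2
    return t[i], t[i + 1], i + 2


def parse_ace(line: str) -> Ace:
    """Parse 'access-list <n> permit|deny <proto> <src> <dst> [eq <port>] [log]'."""
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported line: {line}")
    src, src_wild, i = _parse_addr(t, 4)
    dst, dst_wild, i = _parse_addr(t, i)
    port = None
    if i < len(t) and t[i] == "eq":
        port = int(t[i + 1])
        i += 2
    log = i < len(t) and t[i] == "log"
    return Ace(t[2], t[3], src, src_wild, dst, dst_wild, port, log)


def evaluate(acl: List[Ace], src: str, dst: str, proto: str, dst_port: int) -> Tuple[str, int]:
    """Return (action, line number) of the first matching ACE.
    Line 0 stands for the implicit deny at the end of every IOS ACL."""
    for n, ace in enumerate(acl, 1):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not wildcard_match(src, ace.src, ace.src_wild):
            continue
        if not wildcard_match(dst, ace.dst, ace.dst_wild):
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        return ace.action, n
    return "deny", 0


# The original poster's ordering: the deny is the first match for everyone.
ORIGINAL_ACL = [parse_ace(l) for l in (
    "access-list 101 deny tcp any any eq 2002",
    "access-list 101 permit tcp 212.146.145.105 0.0.0.0 any eq 2002",
    "access-list 101 permit ip any any",
)]

# Yves's ordering: the specific permit before the general (logged) deny.
CORRECTED_ACL = [parse_ace(l) for l in (
    "access-list 101 permit tcp 212.146.145.105 0.0.0.0 any eq 2002",
    "access-list 101 deny tcp any any eq 2002 log",
    "access-list 101 permit ip any any",
)]

SERVER = "212.50.35.97"      # the poster's public address, from the thread
ALLOWED = "212.146.145.105"  # the single permitted source, from the thread
OTHER = "198.51.100.7"       # constructed: any other Internet host


def compare(acl: List[Ace]) -> Dict[str, Tuple[str, int]]:
    """Decisions for three constructed packets against one ACL."""
    return {
        "allowed_to_2002": evaluate(acl, ALLOWED, SERVER, "tcp", 2002),
        "other_to_2002": evaluate(acl, OTHER, SERVER, "tcp", 2002),
        "other_to_80": evaluate(acl, OTHER, SERVER, "tcp", 80),
    }


if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("corrected", CORRECTED_ACL)):
        print(name)
        for pkt, (action, line) in compare(acl).items():
            print(f"  {pkt:16} -> {action} (line {line or 'implicit deny'})")
```

Running it shows the original list denying even 212.146.145.105 on line 1, and the reordered list permitting that host on line 1 while every other source hits the logged deny on line 2 and everything else falls through to line 3. Note that the model only evaluates the list itself; it says nothing about where the list is bound. Whether traffic arriving from the Internet ever passes through an ACL applied inbound on ethernet0 depends on which interface faces the Internet, which is what the follow-up questions in this thread are probing.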
