09-20-2007 09:44 AM - edited 03-05-2019 06:36 PM
I am looking to create an ACL to block all traffic except for remote desktop connections to an interface on a Cisco 3640.
The total network is basically a 10.0.0.0 and the network for the interface is 10.101.150.0.
09-20-2007 09:58 AM
Hi Adam
It's not clear what you mean by an interface on the router. The following access-list would only allow rdp connections but it's a little difficult to suggest which interface to apply it to and in which direction.
access-list 101 permit tcp any 10.101.150.0 0.0.0.255 eq 3389
access-list 101 deny ip any any
int fa0/0
ip access-group 101 out
This assumes the network 10.101.150.0 is connected to the fa0/0 interface on your router.
The above access-list will only allow traffic sent to a host on 10.101.150.0 network on port 3389. It will block everything else.
HTH
Jon
09-20-2007 10:08 AM
Sorry, I should have been a little more specific. The interface would be FastEthernet 0/1 and I want to limit all inbound and outbound traffic.
09-20-2007 12:01 PM
access-list 110 permit tcp 10.0.0.0 0.255.255.255 10.101.150.0 0.0.0.255 eq 3389
Apply it to the interface.
09-20-2007 12:03 PM
Oops... too much time on the PIX. Those wildcard masks should be reversed. 255.0.0.0.0, etc.
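
Added example, not part of any post in this thread: IOS extended ACLs take wildcard (inverse) masks, so a subnet mask written in the mask position changes which hosts an entry matches. This small Python evaluator (first match wins, implicit deny at the end) runs two constructed ACLs that differ only in that mask; the function names and test addresses are assumptions made for illustration.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tokens):
    """Consume one IOS address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse(line):
    t = line.split()[2:]                      # drop 'access-list <number>'
    action, proto = t.pop(0), t.pop(0)
    src, dst = _addr(t), _addr(t)
    port = int(t[1]) if t[:1] == ["eq"] else None
    return action, proto, src, dst, port

def _match(addr, spec):
    base, wild = spec
    # Wildcard bit 1 = "don't care", bit 0 = "must match" (inverse of a netmask).
    return (_ip(addr) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, dport):
    """Return 'permit' or 'deny' for one packet; first matching entry wins."""
    for action, p, s, d, port in map(parse, acl):
        if p not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"                             # implicit deny at end of every ACL

# Constructed sample ACLs: identical except for the destination mask.
WILDCARD = ["access-list 101 permit tcp any 10.101.150.0 0.0.0.255 eq 3389",
            "access-list 101 deny ip any any"]
NETMASK = ["access-list 101 permit tcp any 10.101.150.0 255.255.255.0 eq 3389",
           "access-list 101 deny ip any any"]

if __name__ == "__main__":
    for name, acl in (("wildcard", WILDCARD), ("netmask", NETMASK)):
        for dst in ("10.101.150.25", "172.16.9.0"):   # constructed test hosts
            print(name, dst, evaluate(acl, "tcp", "10.1.2.3", dst, 3389))
```

With the wildcard form, RDP to 10.101.150.25 is permitted and everything else is denied; with the subnet mask in the same position, that host is denied and any address ending in .0 is matched instead.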