10-22-2007 01:00 AM - edited 03-11-2019 04:28 AM
Hi all,
I have an ADSL router with a dialer WAN interface that negotiates its IP with the ISP.
I am doing NAT as well.
I have several static PATs configured for publishing some services.
I have no ACL configured other than the one on the vty line for SSH access.
I would like to control access to the PAT translation on a source-IP basis.
I am trying to do something like:
access-list 120 permit tcp host public_IP_clientA host my_public_IP eq 22
access-list 120 deny tcp any host my_public_IP eq 22
access-list 120 permit ip any any
access-list 120 permit icmp any any
With this I want client A to be the only one who can access my internal ssh service on port 22.
The point is that once I add this ACL, my router loses communication with inet. I have added the last two statements trying to permit all IP and ICMP traffic.
Can anyone help me? How can I allow all traffic with an ACL? Is there any way of setting up a rule like: access-list 120 permit any_protocol any any to avoid the implicit deny-all policy?
Thanks in advance,
Jorge
10-22-2007 05:12 AM
Where are you applying this ACL? (what interface and in what direction?)
10-22-2007 06:08 AM
Sorry, I forgot it. WAN interface (dialer 0), inbound.
Thanks in advance.
Jorge