Access-List

Unanswered Question
Aug 5th, 2008

Hi,

I have a server, 10.10.1.5/24. Desktops on network 10.10.5.0/24 should access all the applications installed on the server. The services use TCP and UDP ports.

If I open IP any any in the ACL and deny the rest, will it work, or do I have to open TCP and UDP also? Please help.

rais Tue, 08/05/2008 - 07:25

IP any any ACL should do it. It covers all UDP/TCP ports.


Thanks.

Rupesh Kashyap Tue, 08/05/2008 - 07:29

Thanks boss. I was confused as I have a long list of TCP and UDP ports used by this server.

So my ACL should look like:

# Permit IP 10.10.5.0 0.0.0.255 host 10.10.1.5

# Deny ip any any log

rais Tue, 08/05/2008 - 07:50

Yes, the config statements implementing the above rules on the server-side [in] interface should do it.


Thanks.

patrickvanham Thu, 08/07/2008 - 03:40

Actually, that statement should be on the interface towards the LAN as an inbound ACL. It will not work as intended on the interface towards the server as an inbound ACL. Alternatively, it could be an outbound ACL on the interface towards the server.


However, an ACL like that will allow all IP traffic, including some you may not want to allow.
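The placement point above is the one that usually trips people up, so here is the complete configuration as an added example (not posted by anyone in this thread). It assumes a Cisco IOS router with GigabitEthernet0/0 facing the desktop LAN and GigabitEthernet0/1 facing the server; the interface names and the router's own addresses are assumptions, the 10.10.5.0/24 and 10.10.1.5 values come from the question.

```cisco
! Named extended ACL carrying the two rules from the thread.
ip access-list extended DESKTOPS-TO-SERVER
 remark Desktops on 10.10.5.0/24 may reach the server on any IP protocol
 permit ip 10.10.5.0 0.0.0.255 host 10.10.1.5
 remark Everything else is dropped and logged. The implicit deny at the end
 remark of every ACL would drop it anyway; the explicit line adds the log.
 deny ip any any log
!
! Correct placement: desktop-to-server packets ENTER the router on the LAN
! interface, so the list is applied inbound there.
! (Interface name and router address are assumptions.)
interface GigabitEthernet0/0
 description Desktop LAN 10.10.5.0/24
 ip address 10.10.5.1 255.255.255.0
 ip access-group DESKTOPS-TO-SERVER in
!
! Equivalent alternative: apply the same list outbound on the server
! interface, where those packets LEAVE the router.
! interface GigabitEthernet0/1
!  ip access-group DESKTOPS-TO-SERVER out
!
! Wrong placement (what the thread warns about): inbound on the server
! interface only sees packets the SERVER sends, i.e. the replies, whose
! source is 10.10.1.5 and whose destination is a desktop. They never match
! the permit line, hit the deny, and every session breaks.
! interface GigabitEthernet0/1
!  ip access-group DESKTOPS-TO-SERVER in
!
! Narrower variant if only TCP and UDP are really needed. Note this also
! blocks ICMP, so ping from the desktops to the server stops working.
! ip access-list extended DESKTOPS-TO-SERVER-TIGHT
!  permit tcp 10.10.5.0 0.0.0.255 host 10.10.1.5
!  permit udp 10.10.5.0 0.0.0.255 host 10.10.1.5
!  deny ip any any log
```

Verify with `show ip access-lists DESKTOPS-TO-SERVER` after some traffic has flowed: the permit line's match counter should increase while the deny counter stays at zero for legitimate desktop sessions. If the deny counter climbs instead, check the interface and direction the list is applied to before touching the rules themselves.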

sdoremus33 Thu, 08/07/2008 - 13:14

ip any any will allow both TCP and UDP, so the scenario should work.
