Aug 5th, 2008

I have a server; desktops on the network should access all the applications installed on the server. The services are using TCP and UDP ports.

If I open IP any any in the ACL and deny the rest, will it work, or do I have to open TCP and UDP also? Please help.

Overall Rating: 4.5 (2 ratings)
rais Tue, 08/05/2008 - 07:25

IP any any ACL should do it. It covers all UDP/TCP ports.


Rupesh Kashyap Tue, 08/05/2008 - 07:29

Thanks boss. I was confused as I have a long list of TCP and UDP ports used by this server.

So my ACL should look like:

# Permit IP host

# Deny ip any any log

rais Tue, 08/05/2008 - 07:50

Yes, the config statements implementing the above rules on the server-side [in] interface should do it.


patrickvanham Thu, 08/07/2008 - 03:40

Actually, that statement should be on the interface towards the LAN as an inbound ACL. It will not work as intended on the interface towards the server as an inbound ACL. Alternatively, it could be an outbound ACL on the interface towards the server.

However, an ACL like that will allow all IP traffic, including some you may not want to allow.
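
The placement and scope points raised in this reply, as an added example that is not part of the original thread: a Cisco IOS sketch with the broad `permit ip` rule next to a version limited to listed ports, applied inbound on the LAN-facing interface. Interface names, ACL names, addresses (documentation ranges) and port numbers are all assumed placeholders, since the thread does not give them.

```cisco
! Added example. All names, addresses and ports are placeholders (assumptions).
! Server:   198.51.100.10
! Desktops: 192.0.2.0/24 (wildcard mask 0.0.0.255)

! Broad form discussed in the thread. "ip" matches every IP protocol,
! so TCP and UDP on all ports pass, and so do ICMP and anything else over IP.
ip access-list extended DESKTOPS-TO-SERVER-BROAD
 permit ip 192.0.2.0 0.0.0.255 host 198.51.100.10
 deny ip any any log

! Narrower form: one line per service the server actually offers.
! The ports below are constructed examples; replace them with the real list.
ip access-list extended DESKTOPS-TO-SERVER-PORTS
 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 443
 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 1433
 permit udp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 161
 deny ip any any log

! Inbound on the interface facing the desktop LAN. Entries are checked top
! down and the first match wins, so the final deny also drops (and logs)
! desktop traffic to any other destination that enters through this interface.
interface GigabitEthernet0/0
 description LAN side (desktops)
 ip access-group DESKTOPS-TO-SERVER-PORTS in

! Alternative placement: outbound on the interface facing the server.
! interface GigabitEthernet0/1
!  description server side
!  ip access-group DESKTOPS-TO-SERVER-PORTS out
```

`show access-lists` displays per-entry match counters, which helps confirm which lines the desktops actually hit before the broad rule is retired.
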

sdoremus33 Thu, 08/07/2008 - 13:14

ip any any will allow both TCP and UDP; the scenario should work.

