access-list implementation

Sep 19th, 2008
Hi

Could anybody help me to implement an access list for traffic coming from the internet to a particular server on specific ports, say 443, 25, etc., and also allow telnet from the internet to that router and deny all other access?

Giuseppe Larosa Fri, 09/19/2008 - 23:23
Hello Mcx,

You need to use an IP extended ACL.

Let's suppose that A.B.C.D is your public IP address associated with the router WAN interface.

You need to configure static NAT in order to map services to the internal server.


! Static PAT entries: map TCP ports of the public address to the internal server
ip nat inside source static tcp 10.10.10.20 25 A.B.C.D 25
ip nat inside source static tcp 10.10.10.20 80 A.B.C.D 80
ip nat inside source static tcp 10.10.10.20 443 A.B.C.D 443
!
! WAN interface is the NAT outside side
int s0/0
 ip nat outside
!
! LAN interface is the NAT inside side
int e0/0
 ip nat inside
!
! Extended ACL: permit only the published services, plus telnet to the router;
! everything else is dropped by the implicit deny at the end of the list.
! The destination needs the "host" keyword (or a wildcard mask).
access-list 121 permit tcp any host A.B.C.D eq 25
access-list 121 permit tcp any host A.B.C.D eq 80
access-list 121 permit tcp any host A.B.C.D eq 443
access-list 121 permit tcp any host A.B.C.D eq 23   (*)
!
! Apply the ACL inbound on the WAN interface
int s0/0
 ip access-group 121 in


(*) Allowing telnet access from the internet has to be carefully considered; I would suggest using SSH and restricting access with another ACL that is applied under line vty 0 4.


! Standard ACL listing the only management host allowed to reach the vty lines
access-list 25 permit host x.y.z.k
!
line vty 0 4
 access-class 25 in


Hope this helps

Giuseppe
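To make the matching rules of the ACL above concrete, here is an added Python evaluator for the extended-ACL subset used in the answer (written for this page; it is neither IOS code nor the answerer's). It assumes the documentation address 192.0.2.1 stands in for A.B.C.D, and it reproduces the top-down first-match and implicit-deny behaviour, which also means a reply packet for a session opened from the inside network would be dropped by access-list 121, since the list has no entry for established sessions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
# Added example (not IOS code): evaluator for the extended-ACL subset used above.
# 192.0.2.1 is a documentation address standing in for the public A.B.C.D.
@dataclass
class Ace:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "ip"
    src: tuple            # (address as int, wildcard mask as int); dst likewise
    dst: tuple
    dport: Optional[int]  # destination port given with "eq", or None

def _parse_addr(tokens):
    """Consume one address spec: "any", "host X" or "X WILDCARD"."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    return tuple(int(ipaddress.IPv4Address(t)) for t in tokens[:2]), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()
    src, rest = _parse_addr(t[4:])
    dst, rest = _parse_addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return Ace(t[2], t[3], src, dst, dport)

def _addr_match(spec, addr):
    # Wildcard bits set to 1 are "don't care"; every 0 bit must match exactly.
    net, wild = spec
    care = ~wild & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == net & care

def evaluate(acl, proto, src, dst, dport=None):
    """Top-down, first match wins; anything unmatched hits the implicit deny."""
    for ace in acl:
        if (ace.proto in (proto, "ip") and _addr_match(ace.src, src)
                and _addr_match(ace.dst, dst)
                and (ace.dport is None or ace.dport == dport)):
            return ace.action
    return "deny"  # implicit "deny ip any any" at the end of every IOS ACL
ACL_121 = [parse_ace(l) for l in [
    "access-list 121 permit tcp any host 192.0.2.1 eq 25",
    "access-list 121 permit tcp any host 192.0.2.1 eq 80",
    "access-list 121 permit tcp any host 192.0.2.1 eq 443",
    "access-list 121 permit tcp any host 192.0.2.1 eq 23",
]]
```

Calling evaluate(ACL_121, "tcp", "198.51.100.7", "192.0.2.1", 22) returns "deny", while the same call with port 25 returns "permit".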

