Hi everybody,
I have learned in the last few days that some robots (or hackers, I don't know exactly), some attacks coming from the WAN (Internet), try to access 3 SIP servers in our LAN to register their account.
Now I want to deny any host outside my LAN access to my 3 SIP servers via ports 5060 to 5080 by identifying the server IP and the source IP.
I want to do it on my Catalyst 2950, where the router managed by our Internet provider and the 3 SIP servers are also connected.
Is that possible, and how can I do that? (I have never configured an ACL on Cisco equipment and don't want to make errors which could stop all activity in our traffic.)
PS: Server IP addresses: 192.168.1.2 / 192.168.1.242 / 192.168.11.252
So all hosts in the networks 192.168.1.0 and 192.168.11.0 can access the 3 SIP servers, but the others must be denied only on ports 5060 to 5080 (because the technical support accesses the servers via ssh or telnet or http).
Yes, it's great,
I think that will be OK. I'll try it tomorrow because I'm not at work.
But for the last line, why "Switch(config-if)# ip access-group 102 in"? I think it will be "Switch(config-if)# ip access-group 1110 in" for your example.
I'll tell you tomorrow.
Thanks and regards.
PS: Also, for my personal knowledge, does this ACL do the same thing if we now apply it where, for example, the server 192.168.1.2 is connected on the Catalyst?
Switch(config)# access-list 110 permit ip 192.168.1.0 0.0.0.255 host 192.168.1.2 range 5060 5080
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip access-group 110 in
I am sorry, that was a typing error. The example ACL which you have written above is not needed, as the server and the source are in the same subnet, and as per your requirement you need to give permission to the local LAN subnet, apart from Internet users, on port range 5060 to 5080.
So try the configuration in my previous post and share the results.
Hope to help!!
Remember to rate the helpful post
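
An added example, not part of the thread and not Cisco code: a small first-match evaluator for the policy described in the first post, useful for checking an ACL's rule order on paper before applying it, including the implicit deny that would cut off ssh/telnet/http if the final permit is forgotten. The function names, the rule ordering, the UDP/TCP assumption and the sample packets are constructed for illustration, and platform limits of the Catalyst 2950 are not modelled.

```python
import ipaddress

# Values from the first post; all function names are hypothetical.
SIP_SERVERS = ["192.168.1.2", "192.168.1.242", "192.168.11.252"]
LAN_NETS = [("192.168.1.0", "0.0.0.255"), ("192.168.11.0", "0.0.0.255")]
SIP_PORTS = (5060, 5080)
ANY = ("0.0.0.0", "255.255.255.255")

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def build_rules(final_permit=True):
    """Ordered entries: (action, proto, src, dst, dst_port_range)."""
    rules = []
    for proto in ("udp", "tcp"):  # assumption: SIP may use either transport
        for srv in SIP_SERVERS:
            host = (srv, "0.0.0.0")
            for net in LAN_NETS:
                rules.append(("permit", proto, net, host, SIP_PORTS))
            rules.append(("deny", proto, ANY, host, SIP_PORTS))
    if final_permit:  # without this, the implicit deny drops ssh/telnet/http too
        rules.append(("permit", "ip", ANY, ANY, None))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, r_proto, r_src, r_dst, ports in rules:
        if r_proto not in ("ip", proto):
            continue
        if not (wildcard_match(src, *r_src) and wildcard_match(dst, *r_dst)):
            continue
        if ports and not ports[0] <= dport <= ports[1]:
            continue
        return action
    return "deny"

if __name__ == "__main__":
    # Constructed sample packets (203.0.113.50 is a documentation address).
    for pkt in [("udp", "203.0.113.50", "192.168.1.2", 5060),
                ("udp", "192.168.11.30", "192.168.1.242", 5060),
                ("tcp", "203.0.113.50", "192.168.1.2", 22)]:
        print(pkt, evaluate(build_rules(), *pkt),
              evaluate(build_rules(final_permit=False), *pkt))
```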