ACL to allow 80 only to wan

Answered Question
Dec 7th, 2011

I need to configure an ACL for a new wireless network to allow a subgroup of people access to the outside world with only limited local resources.  I only want them to have port 80 traffic to the outside, not internally.  Right now I have "10 permit tcp 10.0.54.0 0.0.0.255 any eq www" which allows the users to hit port 80 traffic all over the internal network.  What would be the rule to just allow 80 to the internet?  Thanks.


Extended IP access list 140
10 permit tcp 10.0.54.0 0.0.0.255 any eq www
20 permit tcp 10.0.54.0 0.0.0.255 any eq 443
40 permit udp 10.0.54.0 0.0.0.255 any eq domain
60 permit esp 10.0.54.0 0.0.0.255 any
70 permit gre 10.0.54.0 0.0.0.255 any
80 permit udp any any eq bootps
90 permit udp any any eq bootpc
100 permit tcp 10.0.54.0 0.0.0.255 any eq 5223
110 permit tcp 10.0.54.0 0.0.0.255 any eq 465
120 permit tcp 10.0.54.0 0.0.0.255 any eq 993

Correct Answer by Ton V Engelen, Wed, 12/07/2011 - 07:00

Hi,

Assuming your inside network is all 10.x.x.x, I would do something like this:

First deny port 80 to the inside network (10.0.0.0) and then allow port 80 to anything that's not in 10.0.0.0.

10 deny tcp 10.0.54.0 0.0.0.255 10.0.0.0 0.255.255.255 eq www
20 permit tcp 10.0.54.0 0.0.0.255 any eq www

Good luck!
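The deny-then-permit pattern above depends entirely on the wildcard mask of the deny entry, and IOS ACLs are first-match with an implicit deny at the end. The following is an added example (editor's code, not from the thread or from Cisco): a small Python evaluator for the ACL syntax used in this thread, run over three variants of ACL 140: the original permit, a deny scoped with wildcard 0.0.0.255 (which covers only 10.0.0.0/24), and a deny scoped with 0.255.255.255 (all of 10.x.x.x, which is what the answer assumes), with the same pair applied to entry 20 (port 443) as an extension of the answer's idea. The hosts 10.0.0.5, 10.0.1.20 and 203.0.113.10 are constructed for the demo.

```python
"""First-match evaluator for Cisco-style extended ACL entries.

Added example for this thread, not code from the thread or from Cisco.
It models only the syntax ACL 140 uses: protocol keyword, source and
destination as "any" / "host A.B.C.D" / "A.B.C.D wildcard", and an
optional "eq <port>" on the destination. Sample hosts are constructed.
"""
import ipaddress

# IOS port keywords that appear in ACL 140 (name -> number).
PORT_NAMES = {"www": 80, "domain": 53, "bootps": 67, "bootpc": 68}


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _parse_addr(tokens):
    """Consume one address spec; return ((network, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]


def parse_ace(line):
    """Parse e.g. '10 permit tcp 10.0.54.0 0.0.0.255 any eq www' into a dict."""
    tok = line.split()
    if tok[0].isdigit():  # leading sequence number is optional
        tok = tok[1:]
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = _parse_addr(tok)
    dst, tok = _parse_addr(tok)
    dport = None
    if tok[:1] == ["eq"]:
        dport = PORT_NAMES.get(tok[1]) or int(tok[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}


def _matches(addr, spec):
    """Wildcard semantics: a 1 bit means 'don't care', so compare only the 0 bits."""
    network, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(addr) & care) == (network & care)


def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one flow: the first matching entry wins."""
    for ace in (parse_ace(l) for l in acl_lines if l.strip()):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (_matches(src, ace["src"]) and _matches(dst, ace["dst"])):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny"  # implicit deny at the end of every IOS ACL


# Entries 10 and 20 of ACL 140 as posted in the question.
ORIGINAL = [
    "10 permit tcp 10.0.54.0 0.0.0.255 any eq www",
    "20 permit tcp 10.0.54.0 0.0.0.255 any eq 443",
]

# Deny scoped with wildcard 0.0.0.255: it covers only 10.0.0.0/24.
DENY_SLASH24 = [
    "10 deny tcp 10.0.54.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www",
    "20 permit tcp 10.0.54.0 0.0.0.255 any eq www",
    "30 permit tcp 10.0.54.0 0.0.0.255 any eq 443",
]

# Deny scoped with wildcard 0.255.255.255: all of 10.x.x.x, as the answer
# assumes. The same deny-then-permit pair is applied to port 443 as well.
DENY_SLASH8 = [
    "10 deny tcp 10.0.54.0 0.0.0.255 10.0.0.0 0.255.255.255 eq www",
    "20 permit tcp 10.0.54.0 0.0.0.255 any eq www",
    "30 deny tcp 10.0.54.0 0.0.0.255 10.0.0.0 0.255.255.255 eq 443",
    "40 permit tcp 10.0.54.0 0.0.0.255 any eq 443",
]

CLIENT = "10.0.54.10"        # a host on the wireless subnet from the thread
INTERNAL_A = "10.0.0.5"      # constructed: internal server inside 10.0.0.0/24
INTERNAL_B = "10.0.1.20"     # constructed: internal server elsewhere in 10/8
INTERNET = "203.0.113.10"    # constructed: documentation range standing in for the internet

FLOWS = {
    "client->10.0.0.5:80": ("tcp", CLIENT, INTERNAL_A, 80),
    "client->10.0.1.20:80": ("tcp", CLIENT, INTERNAL_B, 80),
    "client->internet:80": ("tcp", CLIENT, INTERNET, 80),
    "client->10.0.1.20:443": ("tcp", CLIENT, INTERNAL_B, 443),
}


def compare():
    """Verdict of every flow under each ACL variant: {variant: {flow: verdict}}."""
    variants = {"original": ORIGINAL, "deny_slash24": DENY_SLASH24, "deny_slash8": DENY_SLASH8}
    return {name: {flow: evaluate(acl, *args) for flow, args in FLOWS.items()}
            for name, acl in variants.items()}
```

Calling `compare()` shows the point: with the 0.0.0.255 wildcard only 10.0.0.5 is blocked and 10.0.1.20:80 is still permitted, whereas 0.255.255.255 blocks both and still permits 203.0.113.10:80. Two practical caveats when applying this to the real ACL 140: IOS rejects a duplicate sequence number, so the existing `10 permit` entry has to be removed (`no 10` under `ip access-list extended 140`) before the deny is entered, and the permit needs a number that does not collide with the existing entry 20; and every other entry in ACL 140 that uses `any` as its destination (443, domain, esp, gre, 5223, 465, 993) still reaches internal hosts unless it gets the same deny placed ahead of it.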
