02-10-2014 11:49 PM - edited 03-07-2019 06:07 PM
Hello Everybody
I'm trying to create an access list to control remote desktop access through port 2289.
We have two VLANs, server VLAN 73 and user VLAN 16.
We need to deny remote desktop access to everybody in the user VLAN, with these two exceptions:
1) We will permit access for everybody in the user VLAN only to these 3 servers (192.168.1.23, 192.168.1.25, 192.168.1.37)
2) We will permit remote access to all of our servers only for these 2 hosts (172.16.21.92 and 172.16.21.93)
So I configured the ACLs this way, but it doesn't work properly because it seems that everybody in the user VLAN can still access all of the servers.
access-list 101 permit tcp host 172.16.21.92 any eq 3389
access-list 101 permit tcp host 172.16.21.93 any eq 3389
access-list 101 permit tcp any host 192.168.1.23 eq 3389
access-list 101 permit tcp any host 192.168.1.25 eq 3389
access-list 101 permit tcp any host 192.168.1.37 eq 3389
access-list 101 deny tcp any any eq 3389
access-list 101 permit tcp any any
interface vlan 73
ip access-group 101 in
Could anybody help me please?
Thank you and Regards!
IIB
02-11-2014 01:41 AM
Hi,
you should apply your ACL outbound on vlan 73 or inbound on vlan 16, but not inbound on vlan 73, because frames entering this vlan interface will never have a source IP in the vlan 16 subnet, nor will they initiate the RDP session, so their destination port won't be 3389 and consequently you'll hit the last line of the ACL, which permits tcp any any and so permits the replies to remote desktop sessions initiated from the vlan 16 subnet.
Regards
Alain
Don't forget to rate helpful posts.
02-11-2014 11:15 PM
Hi
Thank you for your response Alain. I tried to configure the ACL outbound, but when I do, the server VLAN goes down.
interface vlan 73
ip access-group 101 out
Maybe my mistake is configuring it on the server VLAN interface (73) instead of on the users' VLAN interface (16)?
02-11-2014 11:35 PM
Hi,
apply it inbound on the vlan 16 interface.
Regards
Alain
Don't forget to rate helpful posts.
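To make Alain's two answers concrete, here is an added Python model of how an extended ACL is evaluated (first match wins, implicit deny at the end) and which packets an SVI-applied ACL actually sees in each direction. It is example code written for this thread, not Cisco's implementation and not anything the original posters provided. It copies the OP's ACL 101 verbatim and assumes the subnets 172.16.21.0/24 for VLAN 16 and 192.168.1.0/24 for VLAN 73 (inferred from the addresses in the thread, not stated there); the host addresses 172.16.21.10 and 192.168.1.50 and the client port 51234 are constructed for the demonstration.

```python
"""Model of first-match ACL evaluation and SVI direction semantics (example code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The OP's ACL, copied from the thread.
ACL_101 = [
    "access-list 101 permit tcp host 172.16.21.92 any eq 3389",
    "access-list 101 permit tcp host 172.16.21.93 any eq 3389",
    "access-list 101 permit tcp any host 192.168.1.23 eq 3389",
    "access-list 101 permit tcp any host 192.168.1.25 eq 3389",
    "access-list 101 permit tcp any host 192.168.1.37 eq 3389",
    "access-list 101 deny tcp any any eq 3389",
    "access-list 101 permit tcp any any",
]

# Assumed subnets (not stated in the thread; inferred from the addresses used).
VLAN16_USERS = ipaddress.ip_network("172.16.21.0/24")
VLAN73_SERVERS = ipaddress.ip_network("192.168.1.0/24")


@dataclass(frozen=True)
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # only "tcp" appears in this ACL
    src: str               # "any" or a single host address
    dst: str               # "any" or a single host address
    dport: Optional[int]   # None means any destination port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def parse_ace(line: str) -> Ace:
    """Parse the subset of IOS extended-ACL syntax used in ACL_101 (any / host, optional eq)."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(line)
    i = 4  # tokens after: access-list <number> <action> <proto>

    def take_addr() -> str:
        nonlocal i
        if tok[i] == "any":
            i += 1
            return "any"
        if tok[i] == "host":
            i += 2
            return tok[i - 1]
        raise ValueError(f"unsupported address spec in: {line}")

    src = take_addr()
    dst = take_addr()
    dport = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    return Ace(tok[2], tok[3], src, dst, dport)


ACL = [parse_ace(line) for line in ACL_101]


def evaluate(acl: list, pkt: Packet) -> str:
    """First matching entry wins; every ACL ends with an implicit deny."""
    for ace in acl:
        if ace.proto != pkt.proto:
            continue
        if ace.src != "any" and ace.src != pkt.src:
            continue
        if ace.dst != "any" and ace.dst != pkt.dst:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action
    return "deny"


def seen_by_svi(pkt: Packet, svi_subnet, direction: str) -> bool:
    """An 'in' ACL on an SVI sees packets sourced by hosts in that VLAN;
    an 'out' ACL sees packets being routed toward hosts in that VLAN."""
    if direction == "in":
        return ipaddress.ip_address(pkt.src) in svi_subnet
    return ipaddress.ip_address(pkt.dst) in svi_subnet


def rdp_session_allowed(acl: list, svi_subnet, direction: str,
                        client: str, server: str, client_port: int = 51234) -> bool:
    """True if the opening RDP exchange (SYN to 3389, reply to the client's
    ephemeral port) survives the ACL. Packets the ACL never sees are not filtered."""
    syn = Packet(client, server, 3389)
    reply = Packet(server, client, client_port)
    for pkt in (syn, reply):
        if seen_by_svi(pkt, svi_subnet, direction) and evaluate(acl, pkt) == "deny":
            return False
    return True


if __name__ == "__main__":
    user, admin, srv, ok_srv = "172.16.21.10", "172.16.21.92", "192.168.1.50", "192.168.1.23"
    # OP's placement: only the server's reply is seen, and it hits "permit tcp any any".
    print("in on vlan 73, user -> server :", rdp_session_allowed(ACL, VLAN73_SERVERS, "in", user, srv))
    # Alain's placement: the user's SYN is seen and hits "deny tcp any any eq 3389".
    print("in on vlan 16, user -> server :", rdp_session_allowed(ACL, VLAN16_USERS, "in", user, srv))
    print("in on vlan 16, user -> .23    :", rdp_session_allowed(ACL, VLAN16_USERS, "in", user, ok_srv))
    print("in on vlan 16, .92 -> server  :", rdp_session_allowed(ACL, VLAN16_USERS, "in", admin, srv))
```

Run it as-is to see the four cases. The model only covers TCP and only the opening RDP exchange; note that ACL 101 has no permit for anything other than TCP, so wherever it is applied, every non-TCP packet it sees falls through to the implicit deny.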