12-07-2011 06:25 AM - edited 03-07-2019 03:47 AM
I need to configure an ACL for a new wireless network to allow a subgroup of people access to the outside world with only limited local resources. I only want them to have port 80 traffic to the outside, not internally. Right now I have "10 permit tcp 10.0.54.0 0.0.0.255 any eq www" which allows the users to hit port 80 traffic all over the internal network. What would be the rule to just allow 80 to the internet? Thanks.
Extended IP access list 140
10 permit tcp 10.0.54.0 0.0.0.255 any eq www
20 permit tcp 10.0.54.0 0.0.0.255 any eq 443
40 permit udp 10.0.54.0 0.0.0.255 any eq domain
60 permit esp 10.0.54.0 0.0.0.255 any
70 permit gre 10.0.54.0 0.0.0.255 any
80 permit udp any any eq bootps
90 permit udp any any eq bootpc
100 permit tcp 10.0.54.0 0.0.0.255 any eq 5223
110 permit tcp 10.0.54.0 0.0.0.255 any eq 465
120 permit tcp 10.0.54.0 0.0.0.255 any eq 993
12-07-2011 07:00 AM
Hi
assuming your inside network is all 10.x.x.x, I would do something like this
First deny port 80 to the inside network (10.0.0.0) and then allow port 80 to anything that's not in 10.0.0.0
10 deny tcp 10.0.54.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www
20 permit tcp 10.0.54.0 0.0.0.255 any eq www
good luck!
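A small offline evaluator for entries in the format shown in this thread, added here as an example (it is not code from the thread or from Cisco IOS). It applies the IOS rules that matter for this question: entries are checked top-down by sequence number, the first match wins, and anything unmatched hits the implicit deny at the end. The two ACL texts are constructed from the entries posted above; the 0.255.255.255 variant is an assumed alternative included only for comparison. Running it shows which destination block each wildcard mask actually covers and lets you check a specific flow against the list before applying it to a production interface.

```python
"""Added example: an offline evaluator for Cisco IOS extended-ACL entries.

Mirrors the IOS semantics that matter here: entries are checked top-down by
sequence number, the first match wins, and an unmatched packet hits the
implicit 'deny' at the end. The ACL texts below are constructed from the thread.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IOS prints well-known ports by name; these are the names seen in the thread.
PORT_NAMES = {"www": 80, "domain": 53, "bootps": 67, "bootpc": 68}
ANY = (0, 0xFFFFFFFF)  # 'any' is 0.0.0.0 with wildcard 255.255.255.255


@dataclass
class AclEntry:
    seq: int
    action: str                 # 'permit' or 'deny'
    proto: str                  # 'tcp', 'udp', 'ip', ...
    src: Tuple[int, int]        # (network, wildcard) as 32-bit integers
    dst: Tuple[int, int]
    dst_port: Optional[int]     # only 'eq <port>' is handled in this example


def _addr(tokens: List[str], i: int) -> Tuple[Tuple[int, int], int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' starting at tokens[i]."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    net = int(ipaddress.IPv4Address(tokens[i]))
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    return (net, wildcard), i + 2


def parse_entry(line: str) -> AclEntry:
    t = line.split()
    seq, action, proto = int(t[0]), t[1], t[2]
    src, i = _addr(t, 3)
    dst, i = _addr(t, i)
    port = None
    if i < len(t) and t[i] == "eq":
        port = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
    return AclEntry(seq, action, proto, src, dst, port)


def parse_acl(text: str) -> List[AclEntry]:
    """Keep only the numbered entry lines, ordered by sequence number."""
    entries = [parse_entry(l) for l in text.splitlines()
               if l.strip() and l.split()[0].isdigit()]
    return sorted(entries, key=lambda e: e.seq)


def wildcard_match(addr: int, spec: Tuple[int, int]) -> bool:
    """Wildcard 1-bits are 'don't care'; compare only the 0-bit positions."""
    net, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return addr & care == net & care


def covered_prefix(net: str, wildcard: str) -> str:
    """CIDR block a contiguous wildcard actually matches (0.0.0.255 -> /24)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    host_bits = wc.bit_length()
    if wc != (1 << host_bits) - 1:
        raise ValueError("non-contiguous wildcard has no single CIDR form")
    return str(ipaddress.ip_network(f"{net}/{32 - host_bits}", strict=False))


def evaluate(acl: List[AclEntry], proto: str, src: str, dst: str,
             dst_port: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """Return (action, matching seq); ('deny', None) is the implicit deny."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for e in acl:
        if e.proto not in ("ip", proto):
            continue
        if not (wildcard_match(s, e.src) and wildcard_match(d, e.dst)):
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e.action, e.seq
    return "deny", None


# Constructed from the thread: the two lines of the answer plus the existing
# 443 permit from the question.
ACL_AS_POSTED = """
10 deny tcp 10.0.54.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www
20 permit tcp 10.0.54.0 0.0.0.255 any eq www
30 permit tcp 10.0.54.0 0.0.0.255 any eq 443
"""

# Assumed variant for comparison: a wildcard spanning the whole 10.0.0.0/8.
ACL_WHOLE_10_8 = """
10 deny tcp 10.0.54.0 0.0.0.255 10.0.0.0 0.255.255.255 eq www
20 permit tcp 10.0.54.0 0.0.0.255 any eq www
"""

if __name__ == "__main__":
    posted, whole = parse_acl(ACL_AS_POSTED), parse_acl(ACL_WHOLE_10_8)
    print("0.0.0.255 covers", covered_prefix("10.0.0.0", "0.0.0.255"))
    print("0.255.255.255 covers", covered_prefix("10.0.0.0", "0.255.255.255"))
    for dst in ("10.0.0.9", "10.1.2.3", "203.0.113.10"):
        print(dst, "port 80:", evaluate(posted, "tcp", "10.0.54.7", dst, 80),
              "| /8 variant:", evaluate(whole, "tcp", "10.0.54.7", dst, 80))
    print("443 to inside:", evaluate(posted, "tcp", "10.0.54.7", "10.0.0.9", 443))
```

Two things the output makes visible: the deny entry is port-specific, so other permits already in the list (443 here) still reach the inside, and the size of the block the deny covers is set entirely by the wildcard mask, so it is worth checking the mask against your real internal addressing before trusting the list.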
12-07-2011 07:08 AM
Great, thanks Ton