Cisco Support Community

1720, NAT and Access-list

We have a 1720 with a WAN interface to the Internet. We have NAT statements to map an external IP to an internal IP for access to services: email, www, etc.

I want to set up an access list to only open ports for the services needed. The way it is currently set up, there is a one-to-one NAT with all ports being mapped.

I entered an access-list statement like this: access-list 102 permit tcp any host EXTERNALIP eq smtp. When I do a port scan, it still shows all the open ports. Am I doing something wrong? There is another WAN interface that connects to a remote site.

1 REPLY
Silver

Re: 1720, NAT and Access-list

Apart from creating the access-list, did you apply the same to BOTH the interfaces?
