Access-list configuration ??

Hi all,

I have just built a small private network, which consists of a couple of Windows 2000 servers, Windows 2000 Professional servers, and a Cisco 2514 series serving as router and simple firewall with access list settings. I intend to make the rules as follows:

- All computers in my private network can use web, FTP, Mail services (opening port HTTP 80, 20, 21, 25)

- Prevent the Internet from accessing the private network, except opening port SMTP 25 only, for transferring messages between my network and the outside world.

I have thought a lot about how to permit one direction of data (allow my network to use HTTP, FTP) but deny the other direction from the Internet to my network. I don't know how to write code for that.

And besides, I have been told that it's simpler if we use the parameter "ACK" (a flag of connection initiation)

If anyone knows about this issue, please give sample code for two cases:

1 - Access-list code for the above rules without the "ACK" bit

2 - Access-list code for the rules with the "ACK" bit

and your comments (I mean your comparison between the two above methods).

Thanks very much for your help.

Tuong Vo Dai


Re: Access-list configuration ??

This link helps

check under "Examples of Configuring Extended IP Access Lists"
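
The two cases asked about in the question, written out as an added example (not part of the original thread and not taken from the linked Cisco document). The addressing, the mail server address, and the choice of Serial0 as the Internet-facing interface are assumptions made for illustration.

```cisco
! Constructed addressing: inside LAN 192.168.1.0/24, mail server 192.168.1.10,
! Serial0 faces the Internet. Only the inbound (Internet -> LAN) filter is shown.

! Case 1: without "established". Return traffic is recognised by source port.
access-list 101 permit tcp any host 192.168.1.10 eq smtp
access-list 101 permit tcp any eq www 192.168.1.0 0.0.0.255 gt 1023
access-list 101 permit tcp any eq ftp 192.168.1.0 0.0.0.255 gt 1023
access-list 101 permit tcp any eq ftp-data 192.168.1.0 0.0.0.255 gt 1023
access-list 101 permit tcp any eq smtp 192.168.1.0 0.0.0.255 gt 1023
! Everything else falls to the implicit "deny ip any any".

! Case 2: with "established" (matches TCP segments with ACK or RST set).
access-list 102 permit tcp any host 192.168.1.10 eq smtp
access-list 102 permit tcp any 192.168.1.0 0.0.0.255 established
! Active-mode FTP: the server opens the data connection from port 20,
! so its first segment is a bare SYN and needs its own entry.
access-list 102 permit tcp any eq ftp-data 192.168.1.0 0.0.0.255 gt 1023

! Neither list permits UDP, so DNS replies would need an additional entry.

! Apply one list per interface and direction.
interface Serial0
 ip access-group 102 in
```

Case 1 trusts the source port, which the remote sender chooses, so a new inbound connection sent from port 80 to a high port on the LAN still matches; Case 2 drops any bare SYN that is not covered by an explicit entry, but it only inspects flags and keeps no connection state. Because `established` accepts replies from any port, limiting inside hosts to web, FTP and mail in Case 2 needs a separate list on the inside interface.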