
Access List

londint
Level 1

Need a big help with an access list

I need to write an access list but I get the source and destination direction mixed up.

I need certain external users (any) to be able to access 3 servers (specific IP, say 1.1.1.1, 2.2.2.2, 3.3.3.3 and so on) on our site via ports 1, 2, 3 respectively. These are TCP ports.

Please, how do I write this?

Thanks

3 Replies

sknorr
Level 1

If the external users are requesting to get into those servers then that makes them the source. You will have to use an extended access-list to open specific tcp ports.

As mentioned, you have to use extended ACLs (numbered 100-199).

Assuming the external users come into the Serial0 interface, configure an incoming ACL filter in this interface.

When you mentioned "any", I assumed you mean "every external user".

You can try the following:

access-list 100 permit tcp any host 1.1.1.1 eq 1

access-list 100 permit tcp any host 2.2.2.2 eq 2

access-list 100 permit tcp any host 3.3.3.3 eq 3

interface Serial0

ip address ****** ******

ip access-group 100 in

The access-list above permits the external users to access ONLY the 3 servers using the specified ports. All other access is denied.

Do not forget that there's always an IMPLICIT "deny any any" at the end of an access-list.

So if there are other users besides the "ANY" external users you mentioned, they will be denied for any access.

Hope this helps.

Thank you so very much. I will let you know as soon as it is successful. Thanks both of you.
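
Added example, not part of the thread: a small Python model of how access-list 100 from the reply above is evaluated on inbound packets, showing that the external client is the source, the server is the destination, and anything unmatched falls to the implicit deny. It handles only the `any` / `host` / `eq` syntax used in the thread, and the client address 198.51.100.7 is a constructed sample.

```python
import ipaddress
from typing import NamedTuple, Optional

# The three entries from the reply above, unchanged.
ACL_100 = """\
access-list 100 permit tcp any host 1.1.1.1 eq 1
access-list 100 permit tcp any host 2.2.2.2 eq 2
access-list 100 permit tcp any host 3.3.3.3 eq 3
"""

class Entry(NamedTuple):
    action: str
    proto: str
    src: Optional[ipaddress.IPv4Address]  # None means "any"
    dst: Optional[ipaddress.IPv4Address]  # None means "any"
    dport: Optional[int]                  # None means no "eq" clause

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return ipaddress.IPv4Address(tokens.pop(0))
    raise ValueError(f"unsupported address form: {word}")

def parse(text):
    """Parse only the extended-ACL subset used in this thread."""
    entries = []
    for line in filter(None, map(str.split, text.splitlines())):
        action, proto, rest = line[2], line[3], line[4:]
        src = _addr(rest)  # source is always written first
        dst = _addr(rest)  # destination second, then its port
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append(Entry(action, proto, src, dst, dport))
    return entries

def evaluate(entries, proto, src, dst, dport):
    """Top-down, first match wins; no match falls to the implicit deny."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for e in entries:
        if (e.proto == proto and e.src in (None, src)
                and e.dst in (None, dst) and e.dport in (None, dport)):
            return e.action
    return "deny (implicit)"

if __name__ == "__main__":
    acl = parse(ACL_100)
    print(evaluate(acl, "tcp", "198.51.100.7", "1.1.1.1", 1))  # constructed client -> server
    print(evaluate(acl, "tcp", "1.1.1.1", "198.51.100.7", 1))  # same addresses, reversed
```

Reversing the two addresses in the second call is the mix-up the original question describes: the entry no longer matches, so the packet is dropped by the implicit deny.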