01-23-2003 09:05 AM - edited 03-02-2019 04:28 AM
Need a big help with an access list
I need to write an access list but I get the source and destination direction mixed up.
I need certain external users (any) to be able to access 3 servers (specific IP, say 1.1.1.1, 2.2.2.2, 3.3.3.3 and so on) on our site via ports 1, 2, 3 respectively. These are TCP ports.
Please, how do I write this?
Thanks
01-23-2003 12:56 PM
If the external users are requesting to get into those servers then that makes them the source. You will have to use an extended access-list to open specific tcp ports.
01-23-2003 04:42 PM
As mentioned, you have to use extended ACLs (numbered 100-199).
Assuming the external users come into the Serial0 interface,
configure an incoming ACL filter in this interface.
When you mentioned "any", I assumed you mean "every external user".
You can try the following:
access-list 100 permit tcp any host 1.1.1.1 eq 1
access-list 100 permit tcp any host 2.2.2.2 eq 2
access-list 100 permit tcp any host 3.3.3.3 eq 3
interface Serial0
 ip address ****** ******
 ip access-group 100 in
The access-list above permits the external users to access ONLY
the 3 servers using the specified ports. All other access is denied.
Do not forget that there's always an IMPLICIT "deny any any" at the
end of an access-list.
So if there are other users besides the "ANY" external users you
mentioned, they will be denied for any access.
Hope this helps.
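The matching behaviour described in the reply above, as an added example that is not part of the original post: a small Python evaluator for the three `access-list 100` entries, showing first-match evaluation, the implicit deny, and what happens when source and destination are swapped. The parser covers only the syntax used in this thread, and the client address 198.51.100.7 and the sample packets are constructed for illustration.

```python
import ipaddress

# The three entries from the reply above, copied verbatim.
ACL_100 = """\
access-list 100 permit tcp any host 1.1.1.1 eq 1
access-list 100 permit tcp any host 2.2.2.2 eq 2
access-list 100 permit tcp any host 3.3.3.3 eq 3
"""

def parse_acl(text):
    """Parse only the form used in this thread:
    access-list N permit|deny tcp any host DST eq PORT"""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if (len(tok) != 9 or tok[0] != "access-list"
                or tok[2] not in ("permit", "deny") or tok[3] != "tcp"
                or tok[4] != "any" or tok[5] != "host" or tok[7] != "eq"):
            raise ValueError(f"unsupported entry: {line!r}")
        rules.append({"action": tok[2], "proto": tok[3],
                      "dst": ipaddress.ip_address(tok[6]),
                      "dport": int(tok[8])})
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    ipaddress.ip_address(src)  # source is "any" in every entry: validate only
    dst = ipaddress.ip_address(dst)
    for n, r in enumerate(rules, 1):
        if r["proto"] == proto and r["dst"] == dst and r["dport"] == dport:
            return r["action"], f"entry {n}"
    return "deny", "implicit deny"

RULES = parse_acl(ACL_100)

# Constructed packets as they would arrive inbound on Serial0.
SAMPLES = [
    ("tcp", "198.51.100.7", "1.1.1.1", 1),   # external client -> server 1, port 1
    ("tcp", "198.51.100.7", "1.1.1.1", 2),   # right server, wrong port
    ("udp", "198.51.100.7", "3.3.3.3", 3),   # right server and port, wrong protocol
    ("tcp", "1.1.1.1", "198.51.100.7", 1),   # source and destination swapped
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(RULES, *pkt))
```

Only the first sample is permitted; the other three fall through to the implicit deny, including the one where the server address appears as the source instead of the destination.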
01-24-2003 02:15 AM
Thank you so very much. I will let you know as soon as it is successful. Thanks both of you.