Cisco Support Community
New Member

Access List

Need a big help with an access list

I need to write an access list but I get the source and destination direction mixed up.

I need certain external users (any) to be able to access 3 servers (specific IPs, say 1.1.1.1, 2.2.2.2, 3.3.3.3 and so on) on our site via ports 1, 2, 3 respectively. These are TCP ports.

Please, how do I write this?

Thanks

3 REPLIES
New Member

Re: Access List

If the external users are requesting to get into those servers then that makes them the source. You will have to use an extended access-list to open specific tcp ports.

Bronze

Re: Access List

As mentioned, you have to use extended ACLs (numbered 100-199).

Assuming the external users come into the Serial0 interface, configure an incoming ACL filter on this interface.

When you mentioned "any", I assumed you meant "every external user".

You can try the following:

access-list 100 permit tcp any host 1.1.1.1 eq 1

access-list 100 permit tcp any host 2.2.2.2 eq 2

access-list 100 permit tcp any host 3.3.3.3 eq 3

interface Serial0

ip address ****** ******

ip access-group 100 in

The access-list above permits the external users to access ONLY the 3 servers using the specified ports. All other access is denied.

Do not forget that there's always an IMPLICIT "deny any any" at the end of an access-list.

So if there are other users besides the "ANY" external users you mentioned, they will be denied for any access.

Hope this helps.
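To see how the implicit deny described in the reply above plays out, here is an added example (not part of the original post and not Cisco code) that parses those three entries and evaluates constructed sample packets arriving inbound on Serial0. The parser handles only the `any host IP [eq PORT]` form used in this thread; the function names and sample source addresses are assumptions made for illustration.

```python
import ipaddress

# The three entries from the reply above; addresses and ports are the thread's placeholders.
ACL_100 = """\
access-list 100 permit tcp any host 1.1.1.1 eq 1
access-list 100 permit tcp any host 2.2.2.2 eq 2
access-list 100 permit tcp any host 3.3.3.3 eq 3
"""

def parse_acl(text):
    """Parse only the form 'access-list N permit|deny PROTO any host IP [eq PORT]'."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        bad = (len(tok) not in (7, 9) or tok[0] != "access-list"
               or tok[2] not in ("permit", "deny") or tok[4:6] != ["any", "host"]
               or (len(tok) == 9 and tok[7] != "eq"))
        if bad:
            raise ValueError("unsupported ACL line: " + line)
        port = int(tok[8]) if len(tok) == 9 else None
        rules.append((tok[2], tok[3], ipaddress.ip_address(tok[6]), port))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny.
    src is accepted for readability only: every entry here has source 'any'."""
    dst = ipaddress.ip_address(dst)
    for n, (action, r_proto, r_dst, r_port) in enumerate(rules, 1):
        if r_proto == proto and r_dst == dst and r_port in (None, dport):
            return action, "line %d" % n
    return "deny", "implicit deny"

# Constructed sample packets arriving inbound on Serial0: (proto, src, dst, dst_port).
SAMPLES = [
    ("tcp", "198.51.100.7", "1.1.1.1", 1),      # intended service
    ("tcp", "198.51.100.7", "2.2.2.2", 1),      # right server, wrong port
    ("udp", "198.51.100.7", "3.3.3.3", 3),      # right port, wrong protocol
    ("tcp", "203.0.113.80", "1.1.1.1", 49152),  # reply to a session the server opened outbound
]

def run_samples():
    rules = parse_acl(ACL_100)
    return [evaluate(rules, *pkt) for pkt in SAMPLES]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, run_samples()):
        print(pkt, "->", verdict)
```

The last sample is the case that tends to surprise: replies coming back in through Serial0 for sessions opened from inside match none of the three entries, so they are dropped by the implicit deny as well.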

New Member

Re: Access List

Thank you so very much. I will let you know as soon as it is successful. Thanks both of you.
