Cisco Support Community
New Member

access lists for incoming internet

Hi all

I have taken a look at my access list for my internet. Basically it lets everything out. What will be permitting the traffic from the web back to my browser? I can't see any established connections in the access list, so what would need to be let in for simple web?

thanks all

2 REPLIES
New Member

Re: access lists for incoming internet

Did you apply the ACL to the incoming interface, I mean where the internet traffic enters your router?

This will probably be your serial interface connected to your ISP.

For example, if you want to allow only web for established connections from inside, use the following:

-----------

                Internet
                  any
        -------------------------
                    |
                    |
              Ser0/0|
              +-----------+
              |           |
              +-----------+
              Eth0/0|
                    |
        -------------------------
                 Office
                 1.1.9.0

access-list 101 - Applied to traffic leaving the office (outgoing)
access-list 102 - Applied to traffic entering the office (incoming)

int ser0/0
 ! assuming this is where you connect to the ISP
 ip access-group 101 out
 ip access-group 102 in

access-list 101 permit tcp 1.1.9.0 0.0.0.255 any eq 80
access-list 101 permit tcp 1.1.9.0 0.0.0.255 any eq 443
access-list 102 permit tcp any 1.1.9.0 0.0.0.255 established

--------------

If this is not the one you are looking for, let me know.
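
How the two access lists in the reply above treat web traffic, as an added example that is not part of the original post: a small Python model of access-list 101 and 102 run over constructed TCP packets. The client address 1.1.9.25, the server address 198.51.100.10 and the helper names are assumptions made for the illustration.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
OFFICE = ("1.1.9.0", "0.0.0.255")

# Entries: (source, destination, destination port or None, established keyword)
ACL_101 = [(OFFICE, ANY, 80, False), (OFFICE, ANY, 443, False)]  # out on Ser0/0
ACL_102 = [(ANY, OFFICE, None, True)]                            # in on Ser0/0

def evaluate(acl, pkt):
    """Return 'permit' on the first matching entry, else the implicit deny."""
    for src, dst, dport, established in acl:
        if not (wild_match(pkt["src"], *src) and wild_match(pkt["dst"], *dst)):
            continue
        if dport is not None and pkt["dport"] != dport:
            continue
        # 'established' matches only TCP segments with ACK or RST set.
        if established and not pkt["flags"] & {"ACK", "RST"}:
            continue
        return "permit"
    return "deny"

def tcp(src, dst, dport, *flags):
    """Build a constructed TCP packet record for the model."""
    return {"src": src, "dst": dst, "dport": dport, "flags": set(flags)}

# Constructed packets; 198.51.100.10 stands in for an Internet web server.
PACKETS = {
    "browser SYN to web server": (ACL_101, tcp("1.1.9.25", "198.51.100.10", 80, "SYN")),
    "server SYN+ACK reply": (ACL_102, tcp("198.51.100.10", "1.1.9.25", 50000, "SYN", "ACK")),
    "server data segment": (ACL_102, tcp("198.51.100.10", "1.1.9.25", 50000, "ACK", "PSH")),
    "new inbound SYN to port 80": (ACL_102, tcp("198.51.100.10", "1.1.9.25", 80, "SYN")),
    "office SYN to port 22": (ACL_101, tcp("1.1.9.25", "198.51.100.10", 22, "SYN")),
}

def verdicts():
    return {name: evaluate(acl, pkt) for name, (acl, pkt) in PACKETS.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:6}  {name}")
```

The `established` match looks at TCP flags only and keeps no connection state, so it admits replies to sessions opened from the office while a new inbound connection attempt (SYN without ACK) falls through to the implicit deny.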

New Member

Re: access lists for incoming internet

Hi, thanks for the reply. My question was more that the access lists are already in place, they were created by my router, but I can't see any lists with the established command on there. Would it just be permitting anything to my port 80 incoming?
