I need to restrict inbound connections to ports 5001 and 5000, which are NATted to 3389 on two different internal servers, for access by only a handful of IPs. Problem is there is no firewall, just a 1760 router. How should I configure the access list so as to not disturb any of the other routed services? It seems as though access lists on this router are configured for the whole device, not per interface...
I am not sure why Geordie believes that access lists are configured for the router as a whole and not done per interface. As several responses have pointed out, access lists for routers (including the 1700 series) are applied per interface with the access-group command. Perhaps Geordie can clarify what made him think that they did not work per interface on his router.
Sorry Rick, I was confused. I am still finding my feet on access lists, and because the list is created at global config (but applied to the interface using access-group, as you state) I got my wires crossed.
Thanks so much man, this is exactly what I needed. One last question: NAT maps 5000 and 5001 to 3389 on two different internal servers. Should the syntax reflect the local port numbers of those servers (i.e. 3389) or the NAT'd ports on the WAN interface (5000 and 5001)?
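The per-interface restriction discussed in this thread, as an added example that is not taken from any of the posts: IOS evaluates an inbound access list on the outside interface before the outside-to-inside NAT translation, so the entries match the WAN address and the NAT'd ports 5000 and 5001, not 3389. The addresses (documentation ranges), the ACL name `WAN-IN` and the interface name `Serial0` are constructed placeholders.

```cisco
! Added example with constructed values, not configuration from the thread.
! 192.0.2.1          = router WAN address (placeholder)
! 203.0.113.10, .20  = remote clients allowed to reach RDP (placeholders)
! Serial0            = WAN interface name (assumption)
!
ip access-list extended WAN-IN
 remark Allowed clients to the NAT'd RDP ports (pre-NAT address and ports)
 permit tcp host 203.0.113.10 host 192.0.2.1 eq 5000
 permit tcp host 203.0.113.10 host 192.0.2.1 eq 5001
 permit tcp host 203.0.113.20 host 192.0.2.1 eq 5000
 permit tcp host 203.0.113.20 host 192.0.2.1 eq 5001
 remark Everyone else is refused on those two ports only
 deny   tcp any host 192.0.2.1 range 5000 5001 log
 remark All other routed services are left untouched
 permit ip any any
!
! The list is defined in global config but only takes effect on the
! interface where it is applied with access-group.
interface Serial0
 ip access-group WAN-IN in
```

The closing `permit ip any any` matters because every access list ends in an implicit deny; `show access-lists WAN-IN` shows per-entry match counters for confirming that only the intended sources hit the permit lines.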