
DOD Access-List for Windows XP

We run Dial on Demand to manage our ISDN services (for the cost saving benefits).

We've recently installed some Windows XP PCs at the remote sites. These are keeping the links open out of hours. Anyone have any ideas which ports I can deny to keep the links down?

Here's an example of one of my access-lists.

access-list 131 permit tcp any any eq telnet
! Citrix
access-list 131 permit tcp any any eq 1494
! Citrix
access-list 131 permit tcp any any eq 1604
access-list 131 deny tcp any eq lpd any
access-list 131 deny ip any host 0.0.0.255
access-list 131 deny ip any host 255.255.255.255
access-list 131 deny eigrp any any
access-list 131 deny udp any any
access-list 131 deny icmp any any
access-list 131 permit ip any any

2 REPLIES

Re: DOD Access-List for Windows XP

Are you sure that it's the Windows XP PCs which are creating the problem?

Because, for domain browsing, NetBIOS uses UDP 136, 137 etc., which have been denied by the statement "access-list 131 deny udp any any". Was this behaviour noticed before installing the XP PCs?

Re: DOD Access-List for Windows XP

When we just had Windows 98 PCs out in remote sites we didn't have a problem.

We also recently installed Active Directory at the main office. I'm trying to work out what traffic is keeping the links up.
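
Added example, not part of the original thread: a first-match evaluator for access-list 131 as posted, assuming it is used as the dial-on-demand interesting-traffic filter, so a permit means the packet can bring up or hold up the ISDN link. The sample flows and the 192.0.2.x addresses are constructed; the thread does not say which flows the XP PCs actually send.

```python
# access-list 131 from the thread, one tuple per entry:
# (action, protocol, source port, destination host, destination port).
# None means "any". Named ports: telnet = 23, lpd = 515.
ACL_131 = [
    ("permit", "tcp",   None, None,              23),
    ("permit", "tcp",   None, None,              1494),
    ("permit", "tcp",   None, None,              1604),
    ("deny",   "tcp",   515,  None,              None),
    ("deny",   "ip",    None, "0.0.0.255",       None),
    ("deny",   "ip",    None, "255.255.255.255", None),
    ("deny",   "eigrp", None, None,              None),
    ("deny",   "udp",   None, None,              None),
    ("deny",   "icmp",  None, None,              None),
    ("permit", "ip",    None, None,              None),
]

def evaluate(proto, dst, sport=None, dport=None):
    """Return (action, 1-based entry number) of the first matching entry."""
    for n, (action, a_proto, a_sport, a_dst, a_dport) in enumerate(ACL_131, 1):
        if a_proto not in ("ip", proto):        # "ip" matches every protocol
            continue
        if a_sport is not None and a_sport != sport:
            continue
        if a_dst is not None and a_dst != dst:
            continue
        if a_dport is not None and a_dport != dport:
            continue
        return action, n
    return "deny", 0                            # implicit deny ends every ACL

# Constructed sample flows: (label, protocol, destination, src port, dst port).
SAMPLE_FLOWS = [
    ("NetBIOS name service", "udp", "192.0.2.10", 137,  137),
    ("DNS query",            "udp", "192.0.2.10", 1030, 53),
    ("SMB over TCP",         "tcp", "192.0.2.10", 1031, 445),
    ("LDAP",                 "tcp", "192.0.2.10", 1032, 389),
    ("Citrix",               "tcp", "192.0.2.20", 1033, 1494),
]

def interesting_flows():
    """Labels of the sample flows that the ACL permits."""
    return [label for label, proto, dst, sport, dport in SAMPLE_FLOWS
            if evaluate(proto, dst, sport, dport)[0] == "permit"]

if __name__ == "__main__":
    for label, proto, dst, sport, dport in SAMPLE_FLOWS:
        print(f"{label:22} -> {evaluate(proto, dst, sport, dport)}")
```

With all UDP already denied at entry 8, any TCP flow that is not explicitly denied falls through to the final "permit ip any any" and is treated as interesting.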
