Locking down access via Application ports (access-lists)
We would like to lock down a WAN connection using access-lists. This is as well as other security products; the main reason for this is to limit what goes across the links.
I have created an access-list that permits the main application ports that we use, e.g. ftp, telnet, terminal server (3389), web proxy (8080) etc. The problem is when I apply these, no packets get through, so permitting IP any any all allowed it to work - but this allowed me to do things that I don't want to be able to do.
We use EIGRP on the frame links so I tried permitting eigrp any any but still no packets could get to their destination.
Any ideas on what I could do other than allow static route access?
Re: Locking down access via Application ports (access-lists)
Not quite sure where you apply your ACLs or how your routers are connected since the IPs are on different subnets. However, let's assume that you are using IP unnumbered and that you want to control the traffic from 10.100.0.1 towards 10.101.0.1; then you would put something like this in your ACL:
permit ip host 10.100.0.1 host 10.101.0.1
The ACL would be applied out on the WAN interface.
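An added example, not part of the thread or written by either poster: a small first-match evaluator with an implicit deny at the end of the list, for checking which sample packets a port-based access-list would pass before it is applied to a WAN interface. The rule sets, the ephemeral port 50000, the EIGRP hello packet and all function names are constructed assumptions; only the two host addresses and the application ports come from the posts above.

```python
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
A, B = "10.100.0.1/32", "10.101.0.1/32"   # the two hosts named in the reply
PORTS = (21, 23, 3389, 8080)              # ftp, telnet, terminal server, web proxy

def rule(action, proto, src=ANY, dst=ANY, sport=None, dport=None):
    """One access-list entry; None for a port means 'any port'."""
    return dict(action=action, proto=proto, src=ip_network(src),
                dst=ip_network(dst), sport=sport, dport=dport)

def matches(r, p):
    """True when packet p satisfies every field of rule r."""
    return (r["proto"] in ("ip", p["proto"])
            and ip_address(p["src"]) in r["src"]
            and ip_address(p["dst"]) in r["dst"]
            and r["sport"] in (None, p.get("sport"))
            and r["dport"] in (None, p.get("dport")))

def evaluate(acl, p):
    """First matching entry wins; no match falls through to the implicit deny."""
    for n, r in enumerate(acl, 1):
        if matches(r, p):
            return r["action"], n
    return "deny", None

# Constructed list 1: only destination-port permits for the listed applications.
PORT_ACL = [rule("permit", "tcp", A, B, dport=p) for p in PORTS]

# Constructed list 2: the same, plus the routing protocol and reply traffic
# (application port as the *source* port, in the opposite direction).
FULL_ACL = (PORT_ACL + [rule("permit", "eigrp")]
            + [rule("permit", "tcp", B, A, sport=p) for p in PORTS])

# Constructed sample packets.
FWD   = dict(proto="tcp", src="10.100.0.1", dst="10.101.0.1", sport=50000, dport=3389)
REPLY = dict(proto="tcp", src="10.101.0.1", dst="10.100.0.1", sport=3389, dport=50000)
HELLO = dict(proto="eigrp", src="10.100.0.1", dst="224.0.0.10")
SMB   = dict(proto="tcp", src="10.100.0.1", dst="10.101.0.1", sport=50001, dport=445)

if __name__ == "__main__":
    for name, acl in (("PORT_ACL", PORT_ACL), ("FULL_ACL", FULL_ACL)):
        for label, pkt in (("fwd", FWD), ("reply", REPLY),
                           ("eigrp", HELLO), ("smb", SMB)):
            print(name, label, evaluate(acl, pkt))
```

Running the same sample packets through both lists shows which ones only pass once an entry exists for their protocol and direction, while the unlisted port stays denied in both.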