
Access List

Hi there,

I wanted to enhance my ACL on the router, so I performed the ACL on the router WAN port (S0)

ip access-group 101 in

ip access-group 120 out

In the DMZ, there is 1 PC (202.186.250.132) which needs access to only www; no other things would be allowed. So I specified the ACL like the following, but unfortunately it didn't work ....

access-list 101 permit tcp any eq www 202.186.250.132 0.0.0.0

access-list 101 permit tcp any eq domain 202.186.250.132 0.0.0.0

access-list 101 permit udp any eq domain 202.186.250.132 0.0.0.0

access-list 101 deny ip any any

access-list 120 permit tcp host 202.186.250.132 eq www any

access-list 120 permit tcp host 202.186.250.132 eq domain any

access-list 120 permit udp host 202.186.250.132 eq domain any

access-list 120 deny ip any any

Please advise if I have specified anything wrongly?

Thanks & Regards

Terence

1 REPLY

Re: Access List

!Allow host 202.186.250.132 to access the web server

access-list 101 permit tcp host 202.186.250.132 host [web server ip address] eq www

!Allow host 202.186.250.132 to access the web server's SSL

access-list 101 permit tcp host 202.186.250.132 host [web server ip address] eq 443

!Allow web server to respond to HTTP requests

access-list 120 permit tcp host [web server ip address] any established

!Allow web server to send DNS queries

access-list 120 permit udp host [web server ip address] any eq domain

access-list 120 permit tcp host [web server ip address] any eq domain

I did not include the explicit deny statement due to the implicit deny that will take effect.

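An added example, not part of the original thread and not Cisco code: a small Python model of a subset of IOS extended ACL matching (`any`, `host A`, `A WILDCARD`, `eq PORT`, first match wins, implicit deny). It shows that an `eq` written after the source address tests the source port, while an `eq` written after the destination address tests the destination port. The packet, the address 198.51.100.10, the source port 50000 and the `DST_PORT_VARIANT` entry are constructed for illustration; `established` and interface direction are not modeled.

```python
import ipaddress

PORTS = {"www": 80, "domain": 53}  # IOS port keywords used in the thread

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard) ints."""
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    a, b = tok.pop(0), tok.pop(0)
    if a == "host":
        return int(ipaddress.IPv4Address(b)), 0
    return int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b))

def _port(tok):
    """Consume an optional 'eq PORT' qualifier; None means any port."""
    if tok[:1] != ["eq"]:
        return None
    _, name = tok.pop(0), tok.pop(0)
    return PORTS.get(name) or int(name)

def parse(line):
    tok = line.split()[2:]  # drop 'access-list <number>'
    action, proto = tok.pop(0), tok.pop(0)
    src, sport = _addr(tok), _port(tok)  # eq right after source = source port
    dst, dport = _addr(tok), _port(tok)  # eq right after destination = dest port
    return action, proto, src, sport, dst, dport

def _ip_ok(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl, proto, sip, sport, dip, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        action, p, src, sp, dst, dp = parse(line)
        if (p in ("ip", proto) and _ip_ok(src, sip) and _ip_ok(dst, dip)
                and sp in (None, sport) and dp in (None, dport)):
            return action, line
    return "deny", "implicit deny"

ACL_120 = [  # outbound list exactly as posted in the question
    "access-list 120 permit tcp host 202.186.250.132 eq www any",
    "access-list 120 permit tcp host 202.186.250.132 eq domain any",
    "access-list 120 permit udp host 202.186.250.132 eq domain any",
    "access-list 120 deny ip any any",
]
DST_PORT_VARIANT = ["access-list 120 permit tcp host 202.186.250.132 any eq www"]  # constructed
REQUEST = ("tcp", "202.186.250.132", 50000, "198.51.100.10", 80)  # constructed packet
```

Calling `evaluate(ACL_120, *REQUEST)` returns the entry that decided the packet, which makes it easy to see which line a given flow falls through to.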