Can you help, access list to restrict http

hatel-datta
Level 1

Hi

I need to apply an access list to restrict http traffic to a specific vlan and allow only Terminal service access and VNC. I have little or no experience, HELP!

1 Reply

ywadhavk
Cisco Employee

By default, Terminal Server and Windows 2000 Terminal Services use TCP port 3389 for client connections.

VNC uses default ports of TCP 5800 and 5900. It supports the virtual screen number concept of X Windows, which means these ports apply to screen #0. Screen #1 would be at ports 5801 and 5901.

So as for your requirement, permit the above specific ports and any others that you may need in the ACL and deny everything else.

OR

Explicitly deny port 80 and allow everything else, which will include the above ports. More info on ACLs on the below URL.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

Thanks,

yatin
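
The two approaches from the reply above, written as Cisco IOS extended ACLs; this is an added example, not part of the original reply. VLAN 10, the subnet 192.0.2.0/24 and the ACL names are placeholder assumptions, and the ACL is assumed to filter traffic routed into the VLAN through its SVI.

```cisco
! Constructed example: VLAN 10, 192.0.2.0/24 and the ACL names are placeholders.
!
! Option 1: permit only Terminal Services and VNC (screen #0), deny the rest.
ip access-list extended VLAN10-RDP-VNC-ONLY
 remark Terminal Services (TCP 3389)
 permit tcp any 192.0.2.0 0.0.0.255 eq 3389
 remark VNC screen 0 (TCP 5800 and 5900)
 permit tcp any 192.0.2.0 0.0.0.255 eq 5800
 permit tcp any 192.0.2.0 0.0.0.255 eq 5900
 remark Replies to TCP sessions opened by hosts inside the VLAN
 permit tcp any 192.0.2.0 0.0.0.255 established
 remark Explicit final deny so dropped packets are counted and logged
 deny ip any any log
!
! Option 2: block only HTTP (TCP 80), allow everything else.
ip access-list extended VLAN10-NO-HTTP
 deny tcp any 192.0.2.0 0.0.0.255 eq 80
 permit ip any any
!
! Apply exactly one of the two, outbound on the SVI (toward the VLAN's hosts).
interface Vlan10
 ip access-group VLAN10-RDP-VNC-ONLY out
```

An ACL on the SVI filters only routed traffic, so hosts inside the same VLAN can still reach each other on any port. Option 2 blocks only TCP 80, which leaves web servers on other ports and every other service reachable.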