Cisco Support Community

PAT question regarding ACLs

Hi,

I am a newbie to security and recently set up a 1721 to access the internet and also to allow a VPN connection.

I have everything working, but when I tried to restrict access inbound I got some strange results.

I put an ACL on the inbound outside interface to only allow web, IPsec and SMTP traffic.

However, after I applied the ACL it had no effect. After a bit of investigation it seemed that by blocking ports higher up the range it could block traffic.

I assume all of this is because I am using PAT (i.e. the overload command).

What I don't get is where do I apply the ACL to achieve what I want, i.e. pre-NAT.

I have an ADSL connection, so I have applied it to the inbound dialer interface:

interface Dialer1
 ip address negotiated
 ip access-group 105 in
 no ip redirects
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 dialer pool 1

Can anybody guide me in the right direction?

Thanks

Mark


Re: PAT question regarding ACLs

The following document will assist you in correcting the problem:

http://cco/en/US/tech/tk648/tk361/tk438/tsd_technology_support_sub-protocol_home.html
