11-15-2005 09:56 AM - edited 02-20-2020 09:28 PM
I have a PC in a lobby open to the public that I wish to allow access to the internet only, but I want to be able to remote control the PC from another office if necessary. I want to allow all other PCs at this location unrestricted access to the network.
The PC is IP 192.168.31.250 255.255.255.0, on the 192.168.31.0 network segment. The switch is a 2950 and the router is a 1751.
I want to limit it at the switch, is it possible?
I've come up with the following ACL:
access-list 101 permit tcp host 172.16.31.250 any eq 443
access-list 101 permit tcp host 172.16.31.250 any eq www
access-list 101 permit tcp host 172.16.31.250 any eq domain
access-list 101 permit tcp host 172.16.31.250 any established
access-list 101 deny tcp host 172.16.31.250 any
access-list 101 deny icmp host 172.16.31.250 any
access-list 101 permit tcp any any
Applied in on the Ethernet port of the router.
It does not do what I hoped. What am I doing wrong?
Thanks,
Andy
11-15-2005 03:43 PM
For DNS, it's UDP 53, not TCP 53.
11-18-2005 09:10 PM
If you want to allow access to the Internet only, it might be easier to use an ACL like this:
access-list 101 deny ip host 172.16.31.250 10.0.0.0 0.255.255.255
access-list 101 deny ip host 172.16.31.250 172.16.0.0 0.15.255.255
access-list 101 deny ip host 172.16.31.250 192.168.0.0 0.0.255.255
access-list 101 permit ip any any
The idea is to deny access to the networks you're using but allow anything else.
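Added example, not part of the thread and not Cisco code: a small Python model of IOS extended-ACL first-match evaluation, run over the two ACLs posted above to check what each does to a given packet. It handles only the syntax used in this thread (`any`, `host`, wildcard masks, `eq`, `established`); the function names and the test addresses 198.51.100.10, 10.1.1.5 and 172.16.31.20 are assumptions.

```python
import ipaddress

PORTS = {"www": 80, "domain": 53}  # IOS port keywords used in this thread

# ACLs copied verbatim from the posts above.
ORIGINAL_ACL = """\
access-list 101 permit tcp host 172.16.31.250 any eq 443
access-list 101 permit tcp host 172.16.31.250 any eq www
access-list 101 permit tcp host 172.16.31.250 any eq domain
access-list 101 permit tcp host 172.16.31.250 any established
access-list 101 deny tcp host 172.16.31.250 any
access-list 101 deny icmp host 172.16.31.250 any
access-list 101 permit tcp any any
"""
REPLY_ACL = """\
access-list 101 deny ip host 172.16.31.250 10.0.0.0 0.255.255.255
access-list 101 deny ip host 172.16.31.250 172.16.0.0 0.15.255.255
access-list 101 deny ip host 172.16.31.250 192.168.0.0 0.0.255.255
access-list 101 permit ip any any
"""

def _addr_matches(tok, ip):
    """Consume one address spec (any | host A | A wildcard) and test ip."""
    first = tok.pop(0)
    if first == "any":
        return True
    if first == "host":
        return ipaddress.ip_address(tok.pop(0)) == ip
    base = int(ipaddress.ip_address(first))
    wild = int(ipaddress.ip_address(tok.pop(0)))  # 1-bits are "don't care"
    return (int(ip) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, dport=None, established=False):
    """Return 'permit' or 'deny' for one packet; the first matching line wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl.strip().splitlines():
        tok = line.split()[2:]  # drop "access-list 101"
        action, acl_proto = tok.pop(0), tok.pop(0)
        if acl_proto not in ("ip", proto):
            continue
        if not (_addr_matches(tok, src) and _addr_matches(tok, dst)):
            continue
        if tok[:1] == ["eq"] and int(PORTS.get(tok[1], tok[1])) != dport:
            continue
        if tok[:1] == ["established"] and not established:
            continue  # models "ACK or RST set" as a boolean
        return action
    return "deny"  # implicit deny that ends every IOS ACL
```

Pass `established=True` to test return traffic, such as replies from the lobby PC to a remote-control session started from an address of your choosing.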