01-29-2002 09:01 AM - edited 02-20-2020 09:16 PM
I have an access-list established already, but I would like to add TCP intercept on this router. It would only filter on one network (range). Basically my DMZ. Do I add the statement "access-list xxx permit tcp any (network host section)" to my established access-list or do I create a new one? I imagine that this statement would follow all my deny statements and before my "ip any any" command. Is this correct?
02-04-2002 02:53 PM
Use a separate ACL and configure like this http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scddenl.htm
02-07-2002 07:30 AM
Thanks for the information. But I think my problem is applying 2 ACLs to one interface. Both would have to be TCP, that's why I ask where I put the explicit line for the intercept command that will be applied to the Serial /0 interface. Will it read all the lines, ignoring all except the one meant for it? I am generating part of my access list dynamically from an IDS (NetRanger) and some parts are permanent.
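An added configuration example (not posted by anyone in this thread) showing how the separate ACL recommended above fits alongside an existing interface ACL. The point it illustrates is that only one ACL is bound to the interface with `ip access-group`; the TCP intercept ACL is referenced from the global `ip tcp intercept list` command and is never applied to the interface, so there is no "intercept line" to position among the deny statements. The DMZ prefix 192.0.2.0/24, the ACL numbers 110 and 120, and the interface name Serial0/0 are assumed placeholders; the threshold values shown are the IOS defaults.

```cisco
! Added example, not from the thread. Assumed: DMZ = 192.0.2.0/24,
! Serial0/0 faces the untrusted side, 110 = existing interface ACL,
! 120 = new ACL used only by TCP intercept.
!
! --- ACL consulted only by TCP intercept ---
! It selects which TCP SYNs the router proxies or watches. Destination
! is the set of servers to protect. It is NOT applied to any interface.
access-list 120 permit tcp any 192.0.2.0 0.0.0.255
!
! --- Global TCP intercept settings ---
! intercept mode: the router completes the 3-way handshake on the
! server's behalf and only then opens the connection to the server.
! (watch mode instead lets the SYN through and resets connections
! that fail to complete within watch-timeout seconds.)
ip tcp intercept list 120
ip tcp intercept mode intercept
ip tcp intercept watch-timeout 30
! Aggressive-mode thresholds: when half-open connections exceed the
! "high" marks, the router starts dropping (here the oldest first)
! until counts fall below the "low" marks. Values shown are defaults;
! size them to the legitimate connection rate of your DMZ hosts.
ip tcp intercept max-incomplete high 1100
ip tcp intercept max-incomplete low 900
ip tcp intercept one-minute high 1100
ip tcp intercept one-minute low 900
ip tcp intercept drop-mode oldest
!
! --- Existing interface ACL, unchanged in layout ---
! The deny lines (including the ones generated dynamically) stay here;
! the permit for DMZ TCP traffic is still needed, because intercept
! does not replace interface filtering, it only proxies the handshake
! for connections that the interface ACL already allows.
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 permit tcp any 192.0.2.0 0.0.0.255
access-list 110 permit ip any any
!
interface Serial0/0
 ip access-group 110 in
```

To confirm that the two ACLs are doing separate jobs, `show tcp intercept statistics` reports the half-open and established counts that intercept is tracking against ACL 120, while `show access-lists 110` shows the hit counts on the interface filter. If the interface ACL denies the DMZ traffic, intercept never sees it, so a missing permit in 110 shows up as zero intercept activity rather than as an intercept error.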