
TCP Intercept and ACL's

robert.mcclain
Level 1

I have an access-list established already, but I would like to add TCP intercept on this router. It would only filter on one network (range). Basically my DMZ. Do I add the statement "access-list xxx permit tcp any (network host section)" to my established access-list, or do I create a new one? I imagine that this statement would follow all my deny statements and go before my "ip any any" command. Is this correct?

2 Replies

k.poplitz
Level 3

robert.mcclain
Level 1

Thanks for the information. But I think my problem is applying 2 ACLs to one interface. Both would have to be TCP; that's why I ask where I put the explicit line for the intercept command that will be applied to the Serial /0 interface. Will it read all the lines, ignoring all except the one meant for it? I am generating part of my access list dynamically from an IDS (NetRanger), and some parts are permanent.