I order to limit the options a dial-up users can use i am trying to deploy some access-list. I am trying to deploy the access-list on the interfaces virtual-template,group-async and dialer on an AS5300.
I tried something like this.
ip access-list extended dial-up
permit tcp any our.own.sub.net wi.ld.ca.rd neq 111
permit tcp any our.own.sub.net wi.ld.ca.rd neq 1023
permit tcp any our.own.sub.net wi.ld.ca.rd neq 139
permit tcp any our.own.sub.net wi.ld.ca.rd neq 389
permit tcp any our.own.sub.net wi.ld.ca.rd neq 135
permit tcp any our.own.sub.net wi.ld.ca.rd neq 445
permit tcp any our.own.sub.net wi.ld.ca.rd neq 2001
permit tcp any our.own.sub.net wi.ld.ca.rd neq 2049
permit tcp any our.own.sub.net wi.ld.ca.rd neq 4001
permit tcp any our.own.sub.net wi.ld.ca.rd neq 4045
permit tcp any our.own.sub.net wi.ld.ca.rd neq 6001
permit tcp any our.own.sub.net wi.ld.ca.rd neq 6112
permit tcp any our.own.sub.net wi.ld.ca.rd neq 9001
permit tcp any our.own.sub.net wi.ld.ca.rd neq 9100
permit tcp any our.own.sub.net wi.ld.ca.rd neq 3306
permit tcp any our.own.sub.net wi.ld.ca.rd neq 3389
permit udp any our.own.sub.net wi.ld.ca.rd neq bootps
permit udp any our.own.sub.net wi.ld.ca.rd neq 42
permit udp any our.own.sub.net wi.ld.ca.rd neq 67
permit udp any our.own.sub.net wi.ld.ca.rd neq 69
permit udp any our.own.sub.net wi.ld.ca.rd neq 137
permit udp any our.own.sub.net wi.ld.ca.rd neq 138
permit udp any our.own.sub.net wi.ld.ca.rd neq 514
permit udp any our.own.sub.net wi.ld.ca.rd neq 2049
permit udp any our.own.sub.net wi.ld.ca.rd neq 135
permit udp any our.own.sub.net wi.ld.ca.rd neq 445
permit udp any our.own.sub.net wi.ld.ca.rd neq 2049
permit udp any our.own.sub.net wi.ld.ca.rd neq syslog
permit udp any our.own.sub.net wi.ld.ca.rd neq nameserver
permit udp any our.own.sub.net wi.ld.ca.rd neq tftp
I thought this was the way to block the ports i don't like. But when i am doing a portscan as a dial-up user i still see these ports open on a server.
What am i doing wrong?
Regards,
Martijn Koopsen
