11-19-2008 08:53 PM - edited 03-04-2019 12:25 AM
Hello,
I want to configure an extended ACL on the router to block any incoming packets from the internet, i.e. only ports like FTP and SFTP must be opened for inbound and outbound communication. Can anyone help with this issue?
Thanks
11-19-2008 08:55 PM
Hi,
Configure an access-list allowing whatever you require. Configure access-group in and out.
Thanks and Regards,
Srinath Muralidharan
Cable&Wireless
11-19-2008 09:00 PM
Hello Srinath,
Thank you for your immediate response. Could you possibly give sample configs assuming the same case?
Thank you
11-19-2008 09:14 PM
Hi,
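!
ip access-list extended BLOCK-IN
 ! inbound: permit TCP to destination port ftp (21)
 permit tcp any any eq ftp
 ! "sftp" is not an IOS port keyword, so the number given below (115) is used
 permit tcp any any eq 115
 ! anything not permitted above is dropped by the implicit deny
!
ip access-list extended BLOCK-OUT
 permit tcp any any eq ftp
 permit tcp any any eq 115
!
!
interface x/y
 ip access-group BLOCK-IN in
 ip access-group BLOCK-OUT out
!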
This is just a sample and needs to be modified.
You can even add security by specifying the host IP, I mean the FTP or SFTP server. The port number of SFTP is TCP 115 and for FTP is TCP 20 and 21.
Thanks and Regards,
Srinath Muralidharan
Cable&Wireless
+91 99809 30364
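Added example (not part of the posts above, and not Cisco code): a simplified Python model of extended ACL evaluation, run against the BLOCK-IN list from the sample, to check which packets it lets through before it is applied to an interface. It assumes TCP only, first-match evaluation with the implicit deny at the end, the port numbers given in the post, and constructed sample packets; the names `Rule`, `Packet`, `evaluate` and `run` are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Port numbers as given in the thread: FTP 20/21, SFTP 115.
PORTS = {"ftp-data": 20, "ftp": 21, "sftp": 115}


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src_port: Optional[int] = None   # None means any source port
    dst_port: Optional[int] = None   # None means any destination port


@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_port: int


def evaluate(acl, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for rule in acl:
        if rule.src_port not in (None, pkt.src_port):
            continue
        if rule.dst_port not in (None, pkt.dst_port):
            continue
        return rule.action
    return "deny"


# BLOCK-IN from the sample: 'permit tcp any any eq <port>' matches the
# destination port only; the source port is left as "any".
BLOCK_IN = [Rule("permit", dst_port=PORTS["ftp"]),
            Rule("permit", dst_port=PORTS["sftp"])]

# Constructed sample packets arriving inbound on the interface.
SAMPLES = {
    "outside client -> inside FTP server": Packet(40000, PORTS["ftp"]),
    "outside FTP server reply -> inside client": Packet(PORTS["ftp"], 40000),
    "FTP data channel": Packet(40001, PORTS["ftp-data"]),
    "unrelated service (telnet)": Packet(40002, 23),
}


def run(acl=BLOCK_IN):
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{verdict:6}  {name}")
```

In this model the reply from an outside FTP server (source port 21) and the FTP data port (20) both fall through to the implicit deny, which is the kind of adjustment the sample would need for those flows.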