
access-list implementation

Hi

Could anybody help me to implement an access list for traffic coming from the internet to a particular server with specific ports, say 443, 25, etc., and also allow telnet from the internet to that router and deny other access?

1 REPLY

Re: access-list implementation

Hello Mcx,

You need to use an IP extended ACL.

Let's suppose that A.B.C.D is your public IP address associated with the router WAN interface.

You need to configure static NAT in order to map services to the internal server:

ip nat inside source static tcp 10.10.10.20 25 A.B.C.D 25

ip nat inside source static tcp 10.10.10.20 80 A.B.C.D 80

ip nat inside source static tcp 10.10.10.20 443 A.B.C.D 443

int s0/0

ip nat outside

int e0/0

ip nat inside

access-list 121 permit tcp any host A.B.C.D eq 25

access-list 121 permit tcp any host A.B.C.D eq 80

access-list 121 permit tcp any host A.B.C.D eq 443

access-list 121 permit tcp any host A.B.C.D eq 23 (*)

int ser0/0

ip access-group 121 in

(*) Allowing telnet access from the internet has to be carefully considered. I would suggest using SSH and restricting access with another ACL that is applied under line vty 0 4:

access-list 25 permit host x.y.z.k

line vty 0 4

access-class 25 in

Hope to help

Giuseppe
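
An added example, not part of Giuseppe's reply or of any Cisco tool: a small Python model of the two ACLs above with first-match and implicit-deny semantics, showing that telnet to the router must clear both ACL 121 on the WAN interface and access-class 25 on the vty lines. The addresses 203.0.113.10 and 198.51.100.7 are constructed stand-ins for A.B.C.D and x.y.z.k, and all function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the reply's placeholders (documentation ranges).
WAN_IP = "203.0.113.10"     # stands in for A.B.C.D
MGMT_HOST = "198.51.100.7"  # stands in for x.y.z.k
ACL_121 = "\n".join(f"access-list 121 permit tcp any host {WAN_IP} eq {p}"
                    for p in (25, 80, 443, 23))
ACL_25 = f"access-list 25 permit host {MGMT_HOST}"


def _addr(tokens):
    """Consume 'any' or 'host X' from the front of tokens; return a network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")


def parse(text):
    """Parse only the numbered-ACL subset used in this thread."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()[2:]                       # drop 'access-list <n>'
        action = t.pop(0)
        proto = t.pop(0) if t[0] in ("tcp", "udp", "ip") else None  # None: standard ACL
        src = _addr(t)
        dst = _addr(t) if t else None              # standard ACLs match source only
        port = int(t[1]) if t[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries


def evaluate(entries, src, dst=None, proto=None, port=None):
    """First matching entry wins; no match means the implicit deny."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if (e_proto in (None, "ip", proto)
                and ipaddress.ip_address(src) in e_src
                and (e_dst is None or ipaddress.ip_address(dst) in e_dst)
                and e_port in (None, port)):
            return action
    return "deny"


def vty_login_allowed(src):
    """Telnet to the router must pass ACL 121 on the WAN, then access-class 25."""
    wan = evaluate(parse(ACL_121), src, WAN_IP, "tcp", 23)
    return wan == "permit" and evaluate(parse(ACL_25), src) == "permit"
```

Anything not listed in ACL 121, such as TCP 3389 or UDP 53 to the public address, falls through to the implicit deny, and a telnet attempt from any host other than the one in ACL 25 is refused at the vty line even though ACL 121 lets it through the interface.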
