Cisco Support Community
Community Member

Access-List

Hi,

I have a server at 10.10.1.5/24. Desktops on the network 10.10.5.0/24 should access all the applications installed on the server. The services use TCP and UDP ports.

If I open "ip any any" in the ACL and deny the rest, will it work, or do I have to open TCP and UDP also? Please help.

7 REPLIES
Silver

Re: Access-List

IP any any ACL should do it. It covers all UDP/TCP ports.

Thanks.

Community Member

Re: Access-List

Thanks boss. I was confused as I have a long list of TCP and UDP ports used by this server.

So my ACL should look like:

permit ip 10.10.5.0 0.0.0.255 host 10.10.1.5

deny ip any any log

Community Member

Re: Access-List

Please reply if my above ACL is allowing TCP and UDP on all ports.

Silver

Re: Access-List

Yes, the config statements implementing above rules on server-side [in] interface should do it.

Thanks.

Community Member

Re: Access-List

Actually, that statement should be on the interface towards the LAN as an inbound ACL. It will not work as intended on the interface towards the server as an inbound ACL. Alternatively, it could be an outbound ACL on the interface towards the server.

However, an ACL like that will allow all IP traffic, including some you may not want to allow.

Community Member

Re: Access-List

Rupesh, tcp and udp work on layer 4, and IP works on layer 3. So, IP is the combination (or the bigger box that contains tcp and udp). So if you allow IP, all 65536 tcp & udp ports are allowed in it.
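An added example, not from this thread or from Cisco, that models the two points made above in code: a "permit ip" entry matches TCP, UDP and everything else carried in IP, and an ACL applied inbound on the wrong interface sees the server's replies rather than the desktops' requests. It is a small Python evaluator for Cisco-style extended ACL lines (first match wins, implicit deny at the end, wildcard masks with 1-bits meaning "don't care"). The host addresses 10.10.5.20, 10.10.6.20 and the TCP-only variant of the ACL are constructed for the demonstration; only destination ports ("eq N") are modelled, and source-port and "established" matching are left out.

```python
"""Evaluate Cisco IOS-style extended ACL lines against constructed packets.

First matching entry wins, unmatched traffic hits the implicit deny,
'ip' matches every layer-4 protocol, and wildcard masks use 1-bits
for "don't care". Only destination ports ('eq N') are modelled."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Addr = Tuple[int, int]  # (base address, wildcard mask) as 32-bit ints

def ip2int(dotted: str) -> int:
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None

@dataclass(frozen=True)
class Ace:
    action: str  # "permit" or "deny"
    proto: str   # "ip", "tcp", "udp" or "icmp"
    src: Addr
    dst: Addr
    dport: Optional[int]
    log: bool

def _parse_addr(tokens: List[str], i: int) -> Tuple[Addr, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' at tokens[i]."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (ip2int(tokens[i + 1]), 0), i + 2
    return (ip2int(tokens[i]), ip2int(tokens[i + 1])), i + 2

def parse_ace(line: str) -> Ace:
    tokens = line.split()
    action, proto = tokens[0], tokens[1]
    src, i = _parse_addr(tokens, 2)
    dst, i = _parse_addr(tokens, i)
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        dport = int(tokens[i + 1])
        i += 2
    return Ace(action, proto, src, dst, dport, "log" in tokens[i:])

def parse_acl(lines: List[str]) -> List[Ace]:
    return [parse_ace(l) for l in lines if l.strip() and not l.startswith("remark")]

def _addr_match(rule: Addr, dotted: str) -> bool:
    base, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF  # bits that must match exactly
    return (ip2int(dotted) ^ base) & care == 0

def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[Ace]]:
    """Return (verdict, matching entry); a None entry means the implicit deny."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if not (_addr_match(ace.src, pkt.src) and _addr_match(ace.dst, pkt.dst)):
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action, ace
    return "deny", None

# Constructed sample ACLs: the thread's two-line ACL and a TCP-only variant.
THREAD_ACL = parse_acl([
    "permit ip 10.10.5.0 0.0.0.255 host 10.10.1.5",
    "deny ip any any log",
])
TCP_ONLY_ACL = parse_acl([
    "permit tcp 10.10.5.0 0.0.0.255 host 10.10.1.5 eq 443",
    "deny ip any any log",
])
DESKTOP, SERVER, OTHER = "10.10.5.20", "10.10.1.5", "10.10.6.20"  # constructed hosts

def verdicts_by_placement(acl: List[Ace]) -> dict:
    """What each inbound placement of the same ACL sees for one TCP session."""
    request = Packet("tcp", DESKTOP, SERVER, 443)  # desktop -> server
    reply = Packet("tcp", SERVER, DESKTOP, 51234)  # server -> desktop (ephemeral port)
    return {
        # inbound on the LAN-facing interface: packets as the desktops send them
        "lan_inbound": evaluate(acl, request)[0],
        # inbound on the server-facing interface: only the server's replies arrive
        "server_inbound": evaluate(acl, reply)[0],
    }

if __name__ == "__main__":
    for name, acl in (("permit ip", THREAD_ACL), ("permit tcp eq 443", TCP_ONLY_ACL)):
        for pkt in (Packet("tcp", DESKTOP, SERVER, 443), Packet("udp", DESKTOP, SERVER, 53),
                    Packet("icmp", DESKTOP, SERVER), Packet("tcp", OTHER, SERVER, 443)):
            verdict, ace = evaluate(acl, pkt)
            logged = " (logged)" if ace is not None and ace.log else ""
            print(f"{name:18} {pkt.proto:4} {pkt.src} -> {pkt.dst}: {verdict}{logged}")
    print(verdicts_by_placement(THREAD_ACL))
```

Running it shows the thread's ACL permitting TCP, UDP and ICMP from the desktop subnet alike, while the TCP-only variant drops the UDP packet at the logged deny; the placement check returns "permit" for the LAN-side inbound position and "deny" for the server-side inbound position, which is why the reply about interface direction matters.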

Community Member

Re: Access-List

ip any any will allow both TCP and UDP, so the scenario should work.
