New Member

acl problem with dialer 1

Hi, I've configured my router 837 just fine and it works great. Now what I want to do is to allow only HTTP to get in my router (dialer interface), so deny everything except HTTP.

so here is what I've done,

I've created an acl

access-list 101 permit tcp any eq 80 any established

(so permit http from anywhere on the internet that comes in my network if the connection has been established by my network first)

config t

int dialer 1

ip access-group 101 in

but when I do this, it's as if I have an access-list 101 deny ip any any in place, because I can't do anything anymore unless I remove the acl.

I don't understand why. any help would be appreciated.

1 ACCEPTED SOLUTION

Bronze

Re: acl problem with dialer 1

Hi there,

To start off, since you have permitted only traffic through port 80, all other traffic, including DNS (which is used for name resolution - tcp / udp port 53), is automatically blocked. You may still be able to browse to sites using their IP address.

I suggest you google for "secure router configuration template" or something similar to help you get started off.

Here is something I came up with using google

http://www.cymru.com/Documents/secure-ios-template.html

I believe Cisco offers a security template of their own on their website, just not able to find it right now

HTH
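
The behaviour discussed in this thread, as an added example that is not part of any poster's message: a small Python model of first-match ACL evaluation with the implicit deny, run over constructed inbound packets. The two DNS entries in ACL_WITH_DNS and all packet values are assumptions for illustration, not configuration from the thread.

```python
import re

# ACL as posted in the thread (keyword spelling corrected).
ACL_POSTED = "access-list 101 permit tcp any eq 80 any established\n"
# Constructed variant (an assumption, not from the thread): also admit DNS replies.
ACL_WITH_DNS = ACL_POSTED + (
    "access-list 101 permit udp any eq 53 any\n"
    "access-list 101 permit tcp any eq 53 any established\n")

# Only the any-to-any subset of extended ACL syntax used here is parsed.
RULE = re.compile(
    r"access-list\s+\d+\s+(permit|deny)\s+(ip|tcp|udp)\s+any"
    r"(?:\s+eq\s+(\d+))?\s+any(?:\s+eq\s+(\d+))?(\s+established)?$")

def parse_acl(text):
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unsupported ACL line: {line}")
        action, proto, sport, dport, est = m.groups()
        rules.append((action, proto, sport and int(sport), dport and int(dport), bool(est)))
    return rules

def evaluate(rules, pkt):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, proto, sport, dport, est in rules:
        ok = proto in ("ip", pkt["proto"])
        ok = ok and sport in (None, pkt.get("sport"))
        ok = ok and dport in (None, pkt.get("dport"))
        if est:  # 'established' needs a TCP segment with ACK or RST set
            ok = ok and pkt["proto"] == "tcp" and bool(pkt.get("flags", set()) & {"ACK", "RST"})
        if ok:
            return action
    return "deny"

# Constructed packets arriving on the dialer interface from the Internet.
INBOUND = {
    "http reply": {"proto": "tcp", "sport": 80, "dport": 50000, "flags": {"ACK"}},
    "dns reply": {"proto": "udp", "sport": 53, "dport": 50001},
    "unsolicited syn": {"proto": "tcp", "sport": 40000, "dport": 80, "flags": {"SYN"}},
    "icmp echo reply": {"proto": "icmp"},
}

def verdicts(acl_text):
    return {n: evaluate(parse_acl(acl_text), p) for n, p in INBOUND.items()}

if __name__ == "__main__":
    print("posted:  ", verdicts(ACL_POSTED))
    print("with DNS:", verdicts(ACL_WITH_DNS))
```

The udp entry matches on source port alone, so it admits any inbound datagram with source port 53, not only answers to queries sent from the LAN; a reflexive ACL or stateful inspection narrows that.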

2 REPLIES
New Member

Re: acl problem with dialer 1

That's really funny, I can't believe that I've forgotten DNS ;) That's the reason!!!!

thanks for the hint and thanks for the link.
