
acl problem with dialer 1

pamirian76
Level 1

Hi, I've configured my router 837 just fine and it works great. Now what I want to do is to allow only HTTP to get in my router (dialer interface), so deny everything except HTTP.

So here is what I've done:

I've created an ACL:

access-list 101 permit tcp any eq 80 any established

(so permit HTTP from anywhere on the internet that comes in my network if the connection has been established by my network first)

config t

int dialer 1

ip access-group 101 in

But when I do this, it's as if I have an access-list 101 deny ip any any in place, because I can't do anything anymore unless I remove the ACL.

I don't understand why. Any help would be appreciated.

Accepted Solutions

arvindchari
Level 3

Hi there,

To start off, since you have permitted only traffic through port 80, all other traffic, including DNS (which is used for name resolution - TCP/UDP port 53), is automatically blocked. You may still be able to browse to sites using their IP address.

I suggest you google for "secure router configuration template" or something similar to help you get started off.

Here is something I came up with using Google:

http://www.cymru.com/Documents/secure-ios-template.html

I believe Cisco offers a security template of their own on their website, just not able to find it right now.

HTH
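
The ACL behaviour discussed in this thread, as an added example that is not part of either poster's message: a small Python model of first-match evaluation with the implicit deny, run over constructed return packets. The `WITH_DNS` entry and all sample packets are assumptions made for illustration, and the parser only handles the `any ... eq <port>` form used here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                       # constructed packet arriving inbound on Dialer1
    proto: str                      # "tcp" or "udp"
    sport: int
    dport: int
    flags: frozenset = frozenset()  # TCP flags that are set

def parse_ace(line):
    """Parse 'access-list N <action> <proto> any [eq P] any [eq P] [established]'."""
    tok = line.split()[2:]                          # drop 'access-list N'
    established = tok[-1] == "established"
    rest = (tok[:-1] if established else tok)[3:]   # skip action, proto, source 'any'
    ace = {"action": tok[0], "proto": tok[1], "sport": None, "dport": None,
           "established": established}
    if rest[:1] == ["eq"]:                          # source-port match
        ace["sport"], rest = int(rest[1]), rest[2:]
    rest = rest[1:]                                 # skip destination 'any'
    if rest[:1] == ["eq"]:                          # destination-port match
        ace["dport"] = int(rest[1])
    return ace

def evaluate(acl, pkt):
    """First matching entry decides; no match falls through to the implicit deny."""
    for ace in map(parse_ace, acl):
        if ace["proto"] not in ("ip", pkt.proto):
            continue
        if ace["sport"] not in (None, pkt.sport) or ace["dport"] not in (None, pkt.dport):
            continue
        # 'established' matches only TCP segments with ACK or RST set
        if ace["established"] and not (pkt.flags & {"ACK", "RST"}):
            continue
        return ace["action"]
    return "implicit deny"

ORIGINAL = ["access-list 101 permit tcp any eq 80 any established"]
# Assumed addition, not from the thread: admit UDP replies sent from source port 53
WITH_DNS = ORIGINAL + ["access-list 101 permit udp any eq 53 any"]

SAMPLES = {  # constructed inbound packets
    "http reply": Packet("tcp", 80, 51000, frozenset({"SYN", "ACK"})),
    "dns reply": Packet("udp", 53, 51001),
    "https reply": Packet("tcp", 443, 51002, frozenset({"ACK"})),
    "bare syn from port 80": Packet("tcp", 80, 23, frozenset({"SYN"})),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22} original={evaluate(ORIGINAL, pkt):14} with_dns={evaluate(WITH_DNS, pkt)}")
```

The assumed `permit udp any eq 53 any` entry is stateless and matches on source port alone, so limiting its source to the resolvers actually in use narrows what it admits.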


That's really funny, I can't believe that I've forgotten DNS ;) That's the reason!!!!

Thanks for the hint and thanks for the link.
