11-19-2008 08:53 PM - edited 03-04-2019 12:25 AM
Hello
I want to config an extended ACL on the rt to block any incoming packets from the internet, i.e. only ports like FTP, SFTP must be opened for inbound and outbound communication. Can anyone deal with this issue?
Thanks
11-19-2008 08:55 PM
Hi,
Configure an access-list allowing whatever you require. Configure access-group in and out.
Thanks and Regards,
Srinath Muralidharan
Cable&Wireless
11-19-2008 09:00 PM
Hello Srinath
Thank you for your immediate response. Could you possibly give sample configs assuming the same case?
Thank you
11-19-2008 09:14 PM
Hi,
!
ip access-list extended BLOCK-IN
 permit tcp any any eq ftp
 permit tcp any any eq sftp
!
ip access-list extended BLOCK-OUT
 permit tcp any any eq ftp
 permit tcp any any eq sftp
!
!
interface x/y
 ip access-group BLOCK-IN in
 ip access-group BLOCK-OUT out
!
This is just a sample and needs to be modified.
You can even add security by specifying the host IP, I mean the FTP or SFTP server. The port number of SFTP is tcp 115 and for FTP is tcp 20 and 21.
Thanks and Regards,
Srinath Muralidharan
Cable&Wireless
+91 99809 30364
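Added example, not part of the original reply: one way to extend the sample above so that return traffic and the FTP data channel are handled, since an extended ACL is stateless and ends with an implicit deny. The server address 192.0.2.10, the interface name, the ACL names and the passive port range 50000-50100 are constructed assumptions, and SFTP is taken to be the SSH subsystem on tcp 22 (tcp 115 is the IANA assignment for the older Simple File Transfer Protocol).

```cisco
! Added example with constructed values (assumptions):
!   192.0.2.10          = internal FTP/SFTP server
!   GigabitEthernet0/0  = internet-facing interface
!   50000-50100         = passive port range configured on the FTP server
!
ip access-list extended INTERNET-IN
 remark Replies to sessions opened from the inside (ACK or RST set)
 permit tcp any any established
 remark FTP control channel to the published server
 permit tcp any host 192.0.2.10 eq ftp
 remark Passive-mode FTP data; must match the server's passive range
 permit tcp any host 192.0.2.10 range 50000 50100
 remark SFTP over SSH
 permit tcp any host 192.0.2.10 eq 22
 remark Log what the implicit deny would otherwise drop silently
 deny ip any any log
!
ip access-list extended INTERNET-OUT
 remark Server replies to internet clients
 permit tcp host 192.0.2.10 any established
 remark Active-mode FTP data opened by the server from port 20
 permit tcp host 192.0.2.10 eq ftp-data any
 remark Inside clients opening FTP control and SFTP sessions
 permit tcp any any eq ftp
 permit tcp any any eq 22
 remark FTP data for inside clients is not covered by these entries;
 remark it needs stateful inspection or a broader permit
 deny ip any any log
!
interface GigabitEthernet0/0
 ip access-group INTERNET-IN in
 ip access-group INTERNET-OUT out
!
```

The `established` keyword only checks TCP flags, so it is a stateless approximation of return traffic; `show access-lists` displays per-entry hit counts for checking which lines match.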