Cisco Support Community

New Member

Ext ACL

Hello,

I want to configure an extended ACL on the router to block any incoming packets from the internet, i.e. only ports like FTP and SFTP must be opened for inbound and outbound communication. Can anyone deal with this issue?

Thanks

3 REPLIES
New Member

Re: Ext ACL

Hi,

Configure an access-list allowing whatever you require. Configure access-group in and out.

Thanks and Regards,

Srinath Muralidharan

Cable&Wireless

New Member

Re: Ext ACL

Hello Srinath,

Thank you for your immediate response. Could you possibly give sample configs assuming the same case?

Thank you

New Member

Re: Ext ACL

Hi,

!
ip access-list extended BLOCK-IN
 permit tcp any any eq ftp
 permit tcp any any eq sftp
!
ip access-list extended BLOCK-OUT
 permit tcp any any eq ftp
 permit tcp any any eq sftp
!
!
interface x/y
 ip access-group BLOCK-IN in
 ip access-group BLOCK-OUT out
!

This is just a sample and needs to be modified.

You can even add security by specifying the host IP, I mean the FTP or SFTP server. The port number of SFTP is TCP 115 and for FTP is TCP 20 and 21.

Thanks and Regards,

Srinath Muralidharan

Cable&Wireless

+91 99809 30364
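An added example, not part of the thread or of Cisco's own material: a small Python model of how the sample BLOCK-IN and BLOCK-OUT entries are evaluated (first match wins, then the implicit deny), showing that the reply leg of a TCP handshake, whose source port is 21, matches none of the posted entries. It assumes interface x/y faces the internet; `RETURN`, `handshake` and client port 50000 are hypothetical, and sftp is taken as TCP 115 as the reply states.

```python
# Constructed model of the sample ACLs above; not router code.
FTP, SFTP = 21, 115  # sftp=115 as the reply states; SFTP over SSH uses TCP 22

# Entry: (action, src_port, dst_port, established_only); None matches any port.
# Every entry in the sample is "tcp any any", so addresses are not modelled.
POSTED = [("permit", None, FTP, False), ("permit", None, SFTP, False)]
# Hypothetical extra entries that admit replies coming back from the servers,
# the IOS form being e.g. "permit tcp any eq ftp any established".
RETURN = [("permit", FTP, None, True), ("permit", SFTP, None, True)]


def evaluate(acl, src_port, dst_port, ack_or_rst):
    """First matching entry decides; no match hits the implicit deny."""
    for action, src, dst, established in acl:
        if src not in (None, src_port) or dst not in (None, dst_port):
            continue
        if established and not ack_or_rst:
            continue  # "established" only matches segments with ACK or RST set
        return action
    return "deny"  # implicit deny at the end of every ACL


def handshake(acl_in, acl_out, initiator, server_port, client_port=50000):
    """Verdicts for the SYN and SYN-ACK of one TCP open through interface x/y.

    initiator "outside": SYN arrives inbound, SYN-ACK leaves outbound.
    initiator "inside":  SYN leaves outbound, SYN-ACK arrives inbound.
    """
    if initiator == "outside":
        syn_acl, reply_acl = acl_in, acl_out
    else:
        syn_acl, reply_acl = acl_out, acl_in
    syn = evaluate(syn_acl, client_port, server_port, ack_or_rst=False)
    syn_ack = evaluate(reply_acl, server_port, client_port, ack_or_rst=True)
    return syn, syn_ack


if __name__ == "__main__":
    fixed = POSTED + RETURN
    for who in ("outside", "inside"):
        print(who, "sample as posted:  ", handshake(POSTED, POSTED, who, FTP))
        print(who, "with return entries:", handshake(fixed, fixed, who, FTP))
```

The model covers only the control connection; FTP data connections (TCP 20 or negotiated passive ports) need their own entries or inspection.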
