

Angralitux

join:2004-05-20
DO

2 edits

reply to tomkb

Re: Router ACL question

If you add the following lines to your config:

ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
.
.
interface FastEthernet0/0
ip inspect myfw out
 

you may remove the
access-list 101 permit ip any any
 
**Edited to improve formatting**


carp
Rejected

join:2002-10-30
Reviews:
·RoadRunner Cable

said by Angralitux:

If you add the following lines to your config:

ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
.
.
interface FastEthernet0/0
ip inspect myfw out
you may remove the
access-list 101 permit ip any any

Won't that kill all internet access?


Angralitux

join:2004-05-20
DO

1 edit

Why would I want to do that?

Also, note these lines:

access-list 101 permit tcp any host 74.21.119.222 eq smtp
access-list 101 permit udp any host 74.21.119.220 eq 3389
 

OP, if you want to allow these services to a particular IP, you'll have to modify them. What I mean is:

1. To allow IPs 74.21.119.222 & 74.21.119.220 to access SMTP & RDP respectively, you would do:
access-list 101 permit tcp host 74.21.119.222 any eq smtp
access-list 101 permit udp host 74.21.119.220 any eq 3389


2. To allow SMTP & RDP to be accessed from outside you would do:
access-list 101 permit tcp any any eq smtp
access-list 101 permit udp any any eq 3389

Or you can replace the last any with the IP of the server you want to get to.


tomkb
Premium
join:2000-11-15
Tampa, FL
kudos:5

said by Angralitux:

Why would I want to do that?

Also, note these lines:

access-list 101 permit tcp any host 74.21.119.222 eq smtp
access-list 101 permit udp any host 74.21.119.220 eq 3389


OP, if you want to allow these services to a particular IP, you'll have to modify them. What I mean is:

1. To allow IPs 74.21.119.222 & 74.21.119.220 to access SMTP & RDP respectively, you would do:
access-list 101 permit tcp host 74.21.119.222 any eq smtp
access-list 101 permit udp host 74.21.119.220 any eq 3389


2. To allow SMTP & RDP to be accessed from outside you would do:
access-list 101 permit tcp any any eq smtp
access-list 101 permit udp any any eq 3389

Or you can replace the last any with the IP of the server you want to get to.

Angralitux, I simply want to allow internet traffic inbound to those 2 servers only. Wouldn't they be ok as written?
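
How IOS reads the three ACL forms discussed in this thread (source first, then destination, with `eq` after the destination matching the destination port), as an added example that is not part of any poster's message. The evaluator, its function names and the outside address `CLIENT` are constructed for illustration, and it assumes ACL 101 filters packets arriving from the internet.

```python
# Added example: evaluates the extended-ACL lines quoted in this thread.
# Supports only "permit|deny <proto> <src> <dst> [eq <port>]" with
# "any" or "host <ip>"; CLIENT is a constructed outside address.
PORTS = {"smtp": 25}
CLIENT = "198.51.100.7"

def parse(line):
    tok = line.split()[2:]                 # drop "access-list 101"
    action, proto, rest = tok[0], tok[1], tok[2:]
    def addr():                            # None means "any"
        return None if rest.pop(0) == "any" else rest.pop(0)
    src, dst = addr(), addr()              # IOS order: source, then destination
    # "eq" after the destination address matches the destination port
    dport = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, dport

def evaluate(acl, proto, src, dst, dport):
    for line in acl:
        action, p, s, d, port = parse(line)
        if (p in ("ip", proto) and s in (None, src)
                and d in (None, dst) and port in (None, dport)):
            return action                  # first matching entry wins
    return "deny"                          # implicit deny ends every ACL

AS_WRITTEN = [
    "access-list 101 permit tcp any host 74.21.119.222 eq smtp",
    "access-list 101 permit udp any host 74.21.119.220 eq 3389",
]
HOST_AS_SOURCE = [
    "access-list 101 permit tcp host 74.21.119.222 any eq smtp",
    "access-list 101 permit udp host 74.21.119.220 any eq 3389",
]
ANY_TO_ANY = [
    "access-list 101 permit tcp any any eq smtp",
    "access-list 101 permit udp any any eq 3389",
]

def demo():
    mail, rdp = "74.21.119.222", "74.21.119.220"
    return {
        "written: client->mail tcp/25": evaluate(AS_WRITTEN, "tcp", CLIENT, mail, 25),
        "written: client->rdp udp/3389": evaluate(AS_WRITTEN, "udp", CLIENT, rdp, 3389),
        "written: client->rdp tcp/3389": evaluate(AS_WRITTEN, "tcp", CLIENT, rdp, 3389),
        "host-src: client->mail tcp/25": evaluate(HOST_AS_SOURCE, "tcp", CLIENT, mail, 25),
        "host-src: mail->client tcp/25": evaluate(HOST_AS_SOURCE, "tcp", mail, CLIENT, 25),
        "any-any: client->rdp tcp/25": evaluate(ANY_TO_ANY, "tcp", CLIENT, rdp, 25),
    }

if __name__ == "__main__":
    print("\n".join(f"{k:32} {v}" for k, v in demo().items()))
```

In this model the `any host ... eq` lines permit inbound connections to the two listed servers only, while the `udp` entry does not match TCP connections to port 3389, which fall through to the implicit deny. The `any any` form opens the port to every address behind the router, not just the intended server.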
