
Mailing List Archive: Cisco: BBA
ACL application
 



edward.avanti at gmail

Dec 11, 2010, 1:56 AM


ACL application

Hello all,

I understood that ACLs on ints were for transiting traffic and the ACL on the line was
for traffic to the router?

I ask because I could not access the router until I added my home IP to ACL 101
(the inbound one).
Is this because the external interface fe0 has inbound rules applied?
For example, fe1 is to our network of servers. I apply ingress rules on fe0,
which is the SP link; is this why I was denied?

Should I invert all of this? Have no rules on fe0 and apply the
network-ingress as an outbound rule on fe1 instead?

Which is considered best practice? Or is this correct but I somehow block
myself from the line?


ACL conf data relevant to the post; all IPs are changed to protect the guilty :->


access-list 1 permit 1.1.1.0 0.0.1.255
line vty 0 4
access-class 1 in



access-list 101 permit ip host 1.2.3.4 any
access-list 101 permit ip host 15.6.7.8 any
access-list 101 deny tcp any any eq 22
access-list 101 deny tcp any any eq telnet
access-list 101 deny tcp any any eq sunrpc
access-list 101 deny udp any any eq sunrpc
access-list 101 deny tcp any any range 135 139
access-list 101 deny udp any any range 135 netbios-ss
access-list 101 deny tcp any any eq 445
access-list 101 deny udp any any eq tftp
access-list 101 deny tcp any any eq 873
access-list 101 deny tcp any any eq 2049
access-list 101 deny tcp any any eq 3306
access-list 101 permit ip any any

interface FastEthernet0
ip access-group 101 in



thank you
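
Added example, not part of the original post or of any reply: a small Python model of the configuration above, showing the two checks an SSH packet to the router's own address passes through when it arrives on FastEthernet0. On IOS an inbound interface ACL is evaluated for every packet received on that interface, including packets addressed to the router itself, and the vty access-class is consulted only for what survives it. The function names and the HOME address are assumptions made for this example.

```python
import ipaddress

# ACL 101 as posted (addresses were already sanitized by the poster).
ACL_101 = """\
permit ip host 1.2.3.4 any
permit ip host 15.6.7.8 any
deny tcp any any eq 22
deny tcp any any eq telnet
deny tcp any any eq sunrpc
deny udp any any eq sunrpc
deny tcp any any range 135 139
deny udp any any range 135 netbios-ss
deny tcp any any eq 445
deny udp any any eq tftp
deny tcp any any eq 873
deny tcp any any eq 2049
deny tcp any any eq 3306
permit ip any any""".splitlines()
PORTS = {"telnet": 23, "sunrpc": 111, "netbios-ss": 139, "tftp": 69}
HOME = "1.1.0.77"  # constructed address inside ACL 1's range, not from the post

def eval_101(acl, proto, src, dport):
    """First-match walk of the extended ACL; returns (action, 1-based entry)."""
    for n, line in enumerate(acl, 1):
        t = line.split()
        action, p = t[0], t[1]
        # "host A any" leaves no port tokens; "any any eq|range ..." may.
        host, rest = (t[3], t[5:]) if t[2] == "host" else (None, t[4:])
        if p not in ("ip", proto) or (host and host != src):
            continue
        if rest:
            lo, hi = (PORTS.get(x) or int(x) for x in (rest[1], rest[-1]))
            if not lo <= dport <= hi:
                continue
        return action, n
    return "deny", None  # implicit deny that ends every ACL

def vty_permits(src):
    """access-list 1 permit 1.1.1.0 0.0.1.255 (wildcard bits set to 1 are ignored)."""
    base, wild = (int(ipaddress.ip_address(a)) for a in ("1.1.1.0", "0.0.1.255"))
    return (int(ipaddress.ip_address(src)) ^ base) & ~wild & 0xFFFFFFFF == 0

def ssh_to_router(acl, src):
    """TCP/22 to the router's own address, arriving on FastEthernet0."""
    action, n = eval_101(acl, "tcp", src, 22)
    if action == "deny":
        return f"dropped by ACL 101 entry {n}"
    return "accepted" if vty_permits(src) else "refused by access-class 1"
```

Calling `ssh_to_router(ACL_101, HOME)` reports the drop at the `deny tcp any any eq 22` entry even though ACL 1 would admit that source; prepending a `permit ip host` entry for HOME lets the packet reach the vty check.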
