https://community.cisco.com/t5/network-security/acl-not-working/m-p/2732763#M178174 <P>I would like to allow RDP&nbsp;in from only a specified IP. &nbsp;Right now RDP is not allowed from any IP, but SSH is allowed in</P><P>&nbsp;</P><P>FastEthernet 0/0 is my WAN interface</P><P>&nbsp;</P><P>interface FastEthernet0/0<BR />&nbsp;ip address dhcp<BR />&nbsp;ip access-group Block_Stuff in<BR />!<BR />ip nat inside source static tcp LANIP&nbsp;80 FastEthernet0/0&nbsp;80 extendable<BR />ip nat inside source static tcp LANIP&nbsp;3389 FastEthernet0/0&nbsp;3389 extendable<BR />!<BR />ip access-list extended Block_Stuff<BR />&nbsp;permit tcp any WANBlock&nbsp;0.0.0.7 eq 22<BR />&nbsp;permit tcp host SpecifiedIP&nbsp;eq 3389 host FastEthernet0/0 eq 3389<BR />&nbsp;deny &nbsp; tcp any any eq 22<BR />&nbsp;deny &nbsp; tcp any any eq 3389<BR />&nbsp;permit ip any any</P> Tue, 12 Mar 2019 06:42:43 GMT Joli Martinez 2019-03-12T06:42:43Z https://community.cisco.com/t5/network-security/acl-not-working/m-p/2732763#M178174 <P>I would like to allow RDP&nbsp;in from only a specified IP. &nbsp;Right now RDP is not allowed from any IP, but SSH is allowed in</P><P>&nbsp;</P><P>FastEthernet 0/0 is my WAN interface</P><P>&nbsp;</P><P>interface FastEthernet0/0<BR />&nbsp;ip address dhcp<BR />&nbsp;ip access-group Block_Stuff in<BR />!<BR />ip nat inside source static tcp LANIP&nbsp;80 FastEthernet0/0&nbsp;80 extendable<BR />ip nat inside source static tcp LANIP&nbsp;3389 FastEthernet0/0&nbsp;3389 extendable<BR />!<BR />ip access-list extended Block_Stuff<BR />&nbsp;permit tcp any WANBlock&nbsp;0.0.0.7 eq 22<BR />&nbsp;permit tcp host SpecifiedIP&nbsp;eq 3389 host FastEthernet0/0 eq 3389<BR />&nbsp;deny &nbsp; tcp any any eq 22<BR />&nbsp;deny &nbsp; tcp any any eq 3389<BR />&nbsp;permit ip any any</P> Tue, 12 Mar 2019 06:42:43 GMT https://community.cisco.com/t5/network-security/acl-not-working/m-p/2732763#M178174 Joli Martinez 2019-03-12T06:42:43Z https://community.cisco.com/t5/network-security/acl-not-working/m-p/2732764#M178180 <P>This is an 1841 router running 12.4(15)</P> Wed, 07 Oct 2015 18:16:40 GMT https://community.cisco.com/t5/network-security/acl-not-working/m-p/2732764#M178180 Joli Martinez 2015-10-07T18:16:40Z https://community.cisco.com/t5/network-security/acl-not-working/m-p/2732765#M178183 <P>Change this line -</P><P>"permit tcp host SpecifiedIP&nbsp;eq 3389 host FastEthernet0/0 eq 3389"</P><P>to this -</P><P>"permit tcp host SpecifiedIP&nbsp; host&nbsp;&lt;public IP on interface&gt; &nbsp;eq 3389"</P><P>Jon</P> Wed, 07 Oct 2015 18:46:59 GMT https://community.cisco.com/t5/network-security/acl-not-working/m-p/2732765#M178183 Jon Marshall 2015-10-07T18:46:59Z https://community.cisco.com/t5/network-security/acl-not-working/m-p/2732766#M178185 <P>That worked thanks,</P> Wed, 07 Oct 2015 20:13:16 GMT https://community.cisco.com/t5/network-security/acl-not-working/m-p/2732766#M178185 Joli Martinez 2015-10-07T20:13:16Z