Beginner

Allow only access to one IP and one port

Hi,

I am trying to create an ACL to allow only incoming traffic to IP XX.XX.XX.XX port 80.

But it does not work.

Extended IP access list Outside-Traffic
40 permit tcp any host XX.XX.XX.XX eq www
900 deny ip any any

Class Map type inspect match-any Incoming-Traffic (id 4)
Match access-group name Outside-Traffic

Policy Map type inspect Incoming-Traffic-Policy
Class Incoming-Traffic
Inspect
Class class-default
Drop log

Zone-pair name Out-To-In
Source-Zone Outside Destination-Zone Inside
service-policy Incoming-Traffic-Policy

interface GigabitEthernet0/0/0
description Internet
zone-member security Outside

interface TenGigabitEthernet0/0/0.1
description Native VLAN
encapsulation dot1Q 1 native
ip address 172.16.0.1 255.255.255.0
ip nat inside
zone-member security Inside
!

ip nat inside source static 172.16.0.226 XX.XX.XX.XX

4 Replies

RJI (Advisor)

Re: Allow only access to one IP and one port

Hi,
Try changing the ACL to use the real IP address of the host rather than the NATed IP.

HTH
Beginner

Re: Allow only access to one IP and one port

It has the real IP. I did not write it because we are a school and have been attacked several times. 45.59.xxx.xxx

RJI (Advisor)

Re: Allow only access to one IP and one port

I mean define the private IP address (172.16.0.226) in the ACL, not the NAT/translated address.
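The order of operations the accepted answer relies on, as an added illustration that is not Cisco's code and not part of this thread: a packet arriving on the Outside interface has its public destination rewritten to 172.16.0.226 by the static NAT entry before the Out-To-In zone-pair policy evaluates the class-map's ACL, so an ACL line written against the public address never matches, the packet falls to class-default, and class-default drops it. The Python below models that path with a deliberately simplified ACL and NAT evaluator (a model, not IOS's implementation); 203.0.113.10 and 198.51.100.7 are constructed documentation addresses standing in for the thread's XX.XX.XX.XX public IP and an Internet client, and 172.16.0.226 is the inside host from the post.

```python
"""Toy model of the packet path in the thread: Internet client -> Outside
interface -> static NAT rewrites destination -> Out-To-In zone-pair policy
(class-map matches ACL -> inspect, otherwise class-default -> drop).

Added illustration; the ordering (NAT before the zone-pair class match for
outside-to-inside traffic) is the assumption the accepted answer is based on.
"""
from dataclasses import dataclass, replace
from typing import List, Optional
import ipaddress

PUBLIC_IP = "203.0.113.10"    # constructed stand-in for XX.XX.XX.XX
INSIDE_HOST = "172.16.0.226"  # inside host from the post

# ip nat inside source static 172.16.0.226 <public>
STATIC_NAT = {PUBLIC_IP: INSIDE_HOST}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" / "udp"
    dport: int


@dataclass(frozen=True)
class AclEntry:
    seq: int
    action: str              # "permit" or "deny"
    proto: str               # "ip" matches any protocol
    src: str                 # "any" or a CIDR such as "172.16.0.226/32"
    dst: str
    dport: Optional[int] = None   # None means any destination port


def _addr_match(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def acl_permits(acl: List[AclEntry], pkt: Packet) -> bool:
    """First-match semantics like an IOS extended ACL, implicit deny at the end."""
    for e in acl:
        if e.proto not in ("ip", pkt.proto):
            continue
        if not _addr_match(e.src, pkt.src) or not _addr_match(e.dst, pkt.dst):
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action == "permit"
    return False


def nat_outside_to_inside(pkt: Packet) -> Packet:
    """Static NAT on the inbound path: public destination -> inside host."""
    inside = STATIC_NAT.get(pkt.dst)
    return replace(pkt, dst=inside) if inside else pkt


def zone_pair_verdict(acl: List[AclEntry], pkt: Packet) -> str:
    """Out-To-In policy: class Incoming-Traffic (match access-group) -> inspect,
    everything else -> class-default -> drop. The class-map is evaluated on the
    packet as it looks after NAT (the assumption behind the accepted answer)."""
    seen_by_firewall = nat_outside_to_inside(pkt)
    return "inspect" if acl_permits(acl, seen_by_firewall) else "drop"


def build_acl(target_host: str) -> List[AclEntry]:
    """Same shape as the thread's Outside-Traffic ACL, parameterised on the host."""
    return [
        AclEntry(40, "permit", "tcp", "any", f"{target_host}/32", 80),
        AclEntry(900, "deny", "ip", "any", "any"),
    ]


ACL_AS_POSTED = build_acl(PUBLIC_IP)    # ACL written against the NATed address
ACL_FIXED = build_acl(INSIDE_HOST)      # ACL written against the private address


if __name__ == "__main__":
    web = Packet("198.51.100.7", PUBLIC_IP, "tcp", 80)   # constructed client
    ssh = Packet("198.51.100.7", PUBLIC_IP, "tcp", 22)
    for name, acl in (("as posted", ACL_AS_POSTED), ("fixed", ACL_FIXED)):
        print(f"{name:10s} port 80 -> {zone_pair_verdict(acl, web)}, "
              f"port 22 -> {zone_pair_verdict(acl, ssh)}")
```

Running it shows the posted ACL dropping even the port 80 traffic, and the fixed ACL inspecting port 80 while still dropping everything else, which is the behaviour the original poster wanted. On the router itself the same symptom is visible as climbing drop counters under class-default in `show policy-map type inspect zone-pair Out-To-In`, while `show ip nat translations` confirms the static translation is in place.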

Beginner

Re: Allow only access to one IP and one port

Wow. That was it. Thank you very much.
