12-12-2019 08:37 AM
Hi,
I am trying to create a ICL to allow only Incoming traffic to IP XX.XX.XX.XX port 80
But it does not work.
Extended IP access list Outside-Traffic
40 permit tcp any host XX.XX.XX.XX eq www
900 deny ip any any
Class Map type inspect match-any Incoming-Traffic (id 4)
Match access-group name Outside-Traffic
Policy Map type inspect Incoming-Traffic-Policy
Class Incoming-Traffic
Inspect
Class class-default
Drop log
Zone-pair name Out-To-In
Source-Zone Outside Destination-Zone Inside
service-policy Incoming-Traffic-Policy
interface GigabitEthernet0/0/0
description Internet
zone-member security Outside
interface TenGigabitEthernet0/0/0.1
description Native VLAN
encapsulation dot1Q 1 native
ip address 172.16.0.1 255.255.255.0
ip nat inside
zone-member security Inside
!
ip nat inside source static 172.16.0.226 XX.Xx.XX.XX
Solved! Go to Solution.
12-12-2019 10:08 AM
12-12-2019 09:18 AM
12-12-2019 09:55 AM
It has the real IP. I did not write it because we are a School and have been attacked several times. 45.59.xxx.xxx
12-12-2019 10:08 AM
12-12-2019 10:17 AM
Wow. That was it. Thank you very much
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: