I want to permit a specific IP address on a denied port

madudhulamahesh
Level 1

Dear Cisco,

My firewall is a Cisco ASA 5505. I gave a command to deny port 80, but now I want to permit this port (80) only for a specific IP address. Please help me.

access-list 100 extended deny tcp any any eq www

access-list 100 extended permit ip any any

access-group 100  in interface outside

But my firewall is in transparent mode.

My network setup:

Router->firewall->switch->servers

Please help me.

Regards & Thanks

mahesh.M

6 Replies

vishaw jasrotia
Level 1

Hello

access-list 100 extended permit tcp any eq 80

access-list 100 extended deny tcp any any eq www

access-group 100  in interface outside

Thanks

Jouni Forss
VIP Alumni

Hi,

If you want to add a rule to an existing ACL, you can simply add it to the top of that ACL with the "line" parameter:

access-list 100 line 1 permit tcp host host eq 80

or

access-list 100 line 1 permit tcp host any eq 80

Depending on whether you want to allow TCP/80 to "any" destination or to a specific host.

- Jouni

Hello sir,

What I am saying:

I deny port number 80 on all my servers, but only one user is outside of the network, so only that user accesses port number 80.

Example:

My network is 10.0.0.15 to 10.0.0.25.

I deny the port on all servers, but one outside IP address, 15.26.69.12, accesses port number 80.

That is my question.

Please help me.

Thank you.

Hi,

Look at Jouni's second ACL and replace the source address accordingly.

Regards

Alain

Don't forget to rate helpful posts.
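
The replies above depend on first-match evaluation: the permit for the single outside host only takes effect if it sits above the deny for TCP/80. The following is an added example, not part of any poster's reply and not Cisco code; it models only the `any`, `host`, `eq` and `line` forms seen in this thread, uses the outside address 15.26.69.12 from the question, and the function names are hypothetical.

```python
import ipaddress

PORTS = {"www": 80}  # ASA keyword for TCP/80, as used on this page

def _addr(tok):
    # Consume 'any' or 'host A.B.C.D'; return (network, remaining tokens).
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    raise ValueError("unsupported address form: " + tok[0])

def parse_ace(line):
    # access-list ID [line N] [extended] permit|deny PROTO SRC DST [eq PORT]
    tok, pos = line.split()[2:], None
    if tok[0] == "line":
        pos, tok = int(tok[1]), tok[2:]
    if tok[0] == "extended":
        tok = tok[1:]
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = _addr(tok)
    dst, tok = _addr(tok)
    port = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
    return pos, (action, proto, src, dst, port)

def build_acl(commands):
    # 'line N' inserts the entry at position N; without it the entry is appended.
    acl = []
    for cmd in commands:
        pos, ace = parse_ace(cmd)
        acl.insert(pos - 1 if pos else len(acl), ace)
    return acl

def evaluate(acl, src, dst, dport, proto="tcp"):
    # First matching entry decides; an ACL ends with an implicit deny.
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, s, d, port in acl:
        if p in ("ip", proto) and src in s and dst in d and port in (None, dport):
            return action
    return "deny"

# Constructed input: the thread's original ACL plus one permit for 15.26.69.12.
ORIGINAL = ["access-list 100 extended deny tcp any any eq www",
            "access-list 100 extended permit ip any any"]
PERMIT = "permit tcp host 15.26.69.12 any eq www"
AT_TOP = build_acl(ORIGINAL + ["access-list 100 line 1 extended " + PERMIT])
AT_END = build_acl(ORIGINAL + ["access-list 100 extended " + PERMIT])
```

Calling `evaluate(AT_END, "15.26.69.12", "10.0.0.15", 80)` returns `deny` because the appended permit is never reached, while the same call on `AT_TOP` returns `permit`.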


Hello sir,

Not working.

Example network:

This is my company network.

I have denied port number 80 on OUTSIDE in my network (10.0.0.10 to 10.0.0.25).

But one client wants port number 80.

He is in another network, 105.16.15.26 (he is outside of my network).

Only this IP address accesses the particular port number 80.

Please help.

Thank you.

Hello

access-list 100 extended permit tcp <10.0.0.10  > <255.255.255.0> any eq 80

access-list 100 extended deny tcp any any eq www

access-group 100  in interface outside

IP address 10.0.0.10, port number 80 enabled, OK. This IP address and port number access only a particular IP address outside of the network.

Please help me.
