ACL Not working

Joli Martinez
Level 1

I would like to allow RDP in from only a specified IP. Right now RDP is not allowed from any IP, but SSH is allowed in.

 

FastEthernet 0/0 is my WAN interface

 

interface FastEthernet0/0
 ip address dhcp
 ip access-group Block_Stuff in
!
ip nat inside source static tcp LANIP 80 FastEthernet0/0 80 extendable
ip nat inside source static tcp LANIP 3389 FastEthernet0/0 3389 extendable
!
ip access-list extended Block_Stuff
 permit tcp any WANBlock 0.0.0.7 eq 22
 permit tcp host SpecifiedIP eq 3389 host FastEthernet0/0 eq 3389
 deny   tcp any any eq 22
 deny   tcp any any eq 3389
 permit ip any any

Accepted Solutions

Jon Marshall
Hall of Fame

Change this line -

"permit tcp host SpecifiedIP eq 3389 host FastEthernet0/0 eq 3389"

to this -

"permit tcp host SpecifiedIP host <public IP on interface> eq 3389"

Jon
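
Why the original line never matched, as an added example that is not part of the thread: an RDP client connects from an ephemeral source port, so an entry that requires source port 3389 is skipped and the packet falls through to `deny tcp any any eq 3389`. This Python model of first-match ACL evaluation uses constructed documentation addresses for SpecifiedIP, the public IP and WANBlock, and constructed client port numbers.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def addr_match(spec, addr):
    # spec is "any" or (base, wildcard); wildcard bits set to 1 are ignored, as in IOS
    if spec == "any":
        return True
    base, wildcard = spec
    care = ~ip(wildcard) & 0xFFFFFFFF
    return ip(base) & care == ip(addr) & care

def host(a):
    return (a, "0.0.0.0")

def evaluate(acl, pkt):
    """First matching entry wins; an extended ACL ends with an implicit deny."""
    for n, (action, src, sport, dst, dport) in enumerate(acl, 1):
        if (addr_match(src, pkt["src"]) and addr_match(dst, pkt["dst"])
                and sport in (None, pkt["sport"]) and dport in (None, pkt["dport"])):
            return action, n
    return "deny", None

# Constructed stand-ins for the thread's placeholders (assumptions, not real values)
SPECIFIED_IP = "203.0.113.10"
PUBLIC_IP = "198.51.100.2"
WAN_BLOCK = ("198.51.100.0", "0.0.0.7")

# Entries are (action, source, source port, destination, destination port).
# Every sample packet is TCP, so the protocol field is left out of the model.
SSH_ENTRY = ("permit", "any", None, WAN_BLOCK, 22)
TAIL = [("deny", "any", None, "any", 22),
        ("deny", "any", None, "any", 3389),
        ("permit", "any", None, "any", None)]
ORIGINAL = [SSH_ENTRY, ("permit", host(SPECIFIED_IP), 3389, host(PUBLIC_IP), 3389)] + TAIL
FIXED = [SSH_ENTRY, ("permit", host(SPECIFIED_IP), None, host(PUBLIC_IP), 3389)] + TAIL

# Constructed packets: the client picks a high ephemeral source port
rdp_allowed_host = {"src": SPECIFIED_IP, "sport": 51514, "dst": PUBLIC_IP, "dport": 3389}
rdp_other_host = {"src": "192.0.2.77", "sport": 49822, "dst": PUBLIC_IP, "dport": 3389}
ssh_any_host = {"src": "192.0.2.77", "sport": 40000, "dst": PUBLIC_IP, "dport": 22}

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        for pkt in (rdp_allowed_host, rdp_other_host, ssh_any_host):
            print(name, pkt["src"], pkt["dport"], evaluate(acl, pkt))
```

The destination in the corrected entry is the public address because an inbound ACL on the outside interface is evaluated before the static NAT translation to LANIP.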

3 Replies

Joli Martinez
Level 1

This is an 1841 router running 12.4(15)

That worked, thanks.