12-12-2019 08:37 AM
Hi,
I am trying to create a ICL to allow only Incoming traffic to IP XX.XX.XX.XX port 80
But it does not work.
Extended IP access list Outside-Traffic
40 permit tcp any host XX.XX.XX.XX eq www
900 deny ip any any
Class Map type inspect match-any Incoming-Traffic (id 4)
Match access-group name Outside-Traffic
Policy Map type inspect Incoming-Traffic-Policy
Class Incoming-Traffic
Inspect
Class class-default
Drop log
Zone-pair name Out-To-In
Source-Zone Outside Destination-Zone Inside
service-policy Incoming-Traffic-Policy
interface GigabitEthernet0/0/0
description Internet
zone-member security Outside
interface TenGigabitEthernet0/0/0.1
description Native VLAN
encapsulation dot1Q 1 native
ip address 172.16.0.1 255.255.255.0
ip nat inside
zone-member security Inside
!
ip nat inside source static 172.16.0.226 XX.Xx.XX.XX
Solved! Go to Solution.
12-12-2019 10:08 AM
12-12-2019 09:18 AM
12-12-2019 09:55 AM
It has the real IP. I did not write it because we are a School and have been attacked several times. 45.59.xxx.xxx
12-12-2019 10:08 AM
12-12-2019 10:17 AM
Wow. That was it. Thank you very much
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide