01-02-2002 07:05 AM - edited 03-01-2019 07:53 PM
I added an access-list to one of our 7206s to stop HTTP traffic to a specific location. Unfortunately, it also blocked required TN3270 traffic. Any information would be greatly appreciated. Here are the lines entered:
access-list 104 deny tcp any host 167.102.100.91 eq www
access-list 104 deny udp any host 167.102.100.91 eq 80
access-list 104 deny tcp any host 167.102.100.97 eq www
access-list 104 deny udp any host 167.102.100.97 eq 80
Thanks!
01-02-2002 09:48 AM
What's the listen-port set to?
01-02-2002 10:09 AM
No IP CASA set up for listening... I suppose the defaults are set up. I'll review the SH TECH and review further. What would I be hoping to find, and why?
Thanks so much.
01-02-2002 10:23 AM
If you want to block only HTTP in 167.102.100.91, I think you need only one command, not two:
access-list 104 deny tcp any host 167.102.100.91 eq www
(You don't need "access-list 104 deny udp any host 167.102.100.91 eq 80".)
01-02-2002 11:32 AM
Why would the UDP EQ 80 block a telnet application (i.e. 23) or the ability to ping? This seems to be the case but I will test it very early in the morning tomorrow before anyone arrives.
01-09-2002 08:18 PM
Brian,
Are the above four lines the only lines in the ACL? If so, then you need a line to actually permit some type of traffic, as there is an implicit "deny any any" at the end of the ACL, i.e.
access-list 104 permit ip any any
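The implicit deny described in the last reply, shown as an added example that is not part of the original thread: a simplified Python model of first-match ACL evaluation run over the four posted entries, with and without the suggested permit line. The client and TN3270 host addresses are constructed, and the parser handles only the syntax that appears in this thread.

```python
# Simplified model of extended-ACL evaluation: entries are checked top-down,
# the first match decides, and anything unmatched hits the implicit deny.
# Parses only the syntax that appears in this thread.
PORT_NAMES = {"www": 80}

def parse_ace(line):
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]

    def take_addr():
        # "any" -> None (matches everything); "host A.B.C.D" -> that address
        if rest[0] == "any":
            del rest[0]
            return None
        if rest[0] == "host":
            addr = rest[1]
            del rest[:2]
            return addr
        raise ValueError("unsupported address form: " + rest[0])

    src, dst = take_addr(), take_addr()
    port = None
    if rest[:1] == ["eq"]:
        port = PORT_NAMES.get(rest[1]) or int(rest[1])
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    for line in acl:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if (a_proto in ("ip", proto) and a_src in (None, src)
                and a_dst in (None, dst) and a_port in (None, dport)):
            return action, line
    return "deny", "implicit deny"

# The four entries from the original post, then the suggested fix appended.
ORIGINAL = [
    "access-list 104 deny tcp any host 167.102.100.91 eq www",
    "access-list 104 deny udp any host 167.102.100.91 eq 80",
    "access-list 104 deny tcp any host 167.102.100.97 eq www",
    "access-list 104 deny udp any host 167.102.100.97 eq 80",
]
FIXED = ORIGINAL + ["access-list 104 permit ip any any"]

# Constructed addresses (not from the thread): a client and a TN3270 host.
CLIENT, TN3270_HOST = "10.1.1.10", "10.2.2.20"

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, "telnet/TN3270:", evaluate(acl, "tcp", CLIENT, TN3270_HOST, 23))
        print(name, "http to .91:  ", evaluate(acl, "tcp", CLIENT, "167.102.100.91", 80))
```

With the original four entries, the telnet and ping packets match none of the deny lines and are dropped by the implicit deny, not by the `udp ... eq 80` entries; with the permit line appended they pass while HTTP to the two hosts stays blocked.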