08-05-2008 07:21 AM - edited 03-03-2019 11:01 PM
Hi,
I have Server 10.10.1.5/24. Desktops on network 10.10.5.0/24 should access all the applications installed on the server. The services are using TCP and UDP ports.
If I open IP any any in the ACL and deny the rest, will it work, or do I have to open TCP and UDP also? Please help.
08-05-2008 07:25 AM
IP any any ACL should do it. It covers all UDP/TCP ports.
Thanks.
08-05-2008 07:29 AM
Thanks boss. I was confused as I have a long list of TCP and UDP ports used by this server.
So my ACL should look like:
# Permit IP 10.10.5.0 0.0.0.255 host 10.10.1.5
# Deny ip any any log
08-05-2008 07:38 AM
Please reply if my above ACL is allowing all TCP and UDP ports.
08-05-2008 07:50 AM
Yes, the config statements implementing the above rules on the server-side [in] interface should do it.
Thanks.
08-07-2008 03:40 AM
Actually, that statement should be on the interface towards the LAN as an inbound ACL. It will not work as intended on the interface towards the server as an inbound ACL. Alternatively, it could be an outbound ACL on the interface towards the server.
However, an ACL like that will allow all IP traffic, including some you may not want to allow.
08-07-2008 06:56 AM
Rupesh, TCP and UDP work on layer 4, and IP works on layer 3. So, IP is the combination (or the bigger box that contains TCP and UDP). So if you allow IP, all 65536 TCP & UDP ports are allowed in it.
08-07-2008 01:14 PM
ip any any will allow both TCP and UDP; the scenario should work.
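Added example, not part of any post in this thread: a small first-match evaluator for Cisco-style extended ACL entries, showing that the `permit ip` line from the thread matches TCP, UDP and every other IP protocol, next to a narrower per-port ACL. The ports 443 and 53, the sample hosts, and the function names are constructed for illustration; the ACL is assumed to be applied inbound on the LAN-facing interface.

```python
import ipaddress

def addr_spec(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (address_int, wildcard_int)."""
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse one entry: action proto src dst [eq port] [log]."""
    tokens = line.lower().split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = addr_spec(tokens), addr_spec(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return action, proto, src, dst, port

def matches(ip, spec):
    addr, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, a_proto, a_src, a_dst, a_port in map(parse_ace, acl):
        if a_proto not in ("ip", proto):   # 'ip' matches every IP protocol
            continue
        if not (matches(src, a_src) and matches(dst, a_dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"

# ACL as posted in the thread.
BROAD = ["permit ip 10.10.5.0 0.0.0.255 host 10.10.1.5",
         "deny ip any any log"]
# Constructed narrower ACL; ports 443 and 53 are placeholders, not from the thread.
NARROW = ["permit tcp 10.10.5.0 0.0.0.255 host 10.10.1.5 eq 443",
          "permit udp 10.10.5.0 0.0.0.255 host 10.10.1.5 eq 53",
          "deny ip any any log"]

if __name__ == "__main__":
    for name, acl in (("broad", BROAD), ("narrow", NARROW)):
        for pkt in (("tcp", 443), ("udp", 53), ("tcp", 3389), ("icmp", None)):
            print(name, pkt, evaluate(acl, pkt[0], "10.10.5.20", "10.10.1.5", pkt[1]))
```

With the broad ACL every packet from a 10.10.5.0/24 desktop to the server is permitted whatever the protocol or port; with the narrow one only the listed ports pass and the rest hit the logged deny.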