08-07-2022 12:24 AM - last edited on 09-29-2022 10:02 AM by Translator
I have an ACL like this
..... access-list 101 permit tcp any any eq 32100 log....
problem is I have to open it "WIDE TO THE WORLD"
I have a server behind the ROUTER ...192.168.0.34
So I tried
....access-list 101 permit tcp host 192.168.0.34 eq 32100 any log........
so it would JUST answer to that server but it does not work...am I missing something??
Thanks...
Solved! Go to Solution.
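Added example, not part of the thread and not Cisco code: a minimal matcher for the field order of an extended TCP entry (source, source port, then destination, destination port), showing which packets each of the two entries quoted in the post above would match. The `dest` entry and the sample packets are constructed for illustration, and the sketch assumes the ACL is evaluated where the server still appears under its private address 192.168.0.34, which depends on the interface, direction and NAT setup.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

def _endpoint(tok, i):
    """Read '<any | host A.B.C.D> [eq PORT]' starting at tok[i]."""
    if tok[i] == "any":
        addr, i = None, i + 1
    elif tok[i] == "host":
        addr, i = ipaddress.ip_address(tok[i + 1]), i + 2
    else:
        raise ValueError(f"unsupported address form: {tok[i]}")
    port = None
    if i < len(tok) and tok[i] == "eq":
        port, i = int(tok[i + 1]), i + 2
    return (addr, port), i

def parse_ace(line):
    """Field order of an extended TCP entry: source [port] destination [port]."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "tcp":
        raise ValueError("only 'access-list N permit|deny tcp ...' is handled")
    src, i = _endpoint(tok, 4)
    dst, _ = _endpoint(tok, i)
    return tok[2], src, dst

def matches(ace, pkt):
    _, (saddr, sport), (daddr, dport) = ace
    want = (saddr, sport, daddr, dport)  # None means "any"
    have = (ipaddress.ip_address(pkt.src), pkt.sport, ipaddress.ip_address(pkt.dst), pkt.dport)
    return all(w is None or w == h for w, h in zip(want, have))

ACES = {
    "wide": "access-list 101 permit tcp any any eq 32100 log",                 # from the post
    "tried": "access-list 101 permit tcp host 192.168.0.34 eq 32100 any log",  # from the post
    "dest": "access-list 101 permit tcp any host 192.168.0.34 eq 32100 log",   # constructed
}
PACKETS = [  # constructed samples; 203.0.113.10 is a documentation address
    Packet("203.0.113.10", 51515, "192.168.0.34", 32100),  # client -> server
    Packet("192.168.0.34", 32100, "203.0.113.10", 51515),  # server's reply
    Packet("203.0.113.10", 51515, "192.168.0.7", 32100),   # client -> another host
]
def verdicts():
    return {name: [matches(parse_ace(line), p) for p in PACKETS]
            for name, line in ACES.items()}

if __name__ == "__main__":
    print(verdicts())
```

With the host and port written in the source position, the `tried` entry matches only traffic leaving 192.168.0.34 from port 32100, not connections arriving for it.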
09-10-2022 06:21 AM
Hi Paul...
First...I am not an Expert at all but I have tried to Educate myself as much as possible, doing a lot of reading on ACL's and how to implement them. So I do want you all to know that I really do appreciate your help and expertise on this.
Yes you are Correct I do have (3) machines behind the router 192.168.0.3, 192.168.0.7, 192.168.0.15
The only reason I put the DENY statements in there was that a PORT SCAN showed that they were OPEN, I am sure that once I get things right I should be able to remove them.
TRAFFIC:
192.168.0.3 VNC, VPN, VIDEO, SSH
192.168.0.7 VNC, VPN, FTP, SSH
192.168.0.8 VNC, VPN, WEB, GPS, SSH
I only have VPN SERVER installed on just 1 server
The Router has MAX Memory installed.
I know it is a lot of Traffic but my connection is 300Mbps/10Mbps
09-10-2022 07:56 AM - last edited on 09-29-2022 10:13 AM by Translator
Hello,
since this post has been idle for several weeks, I cannot figure out exactly what the original question was. Looking at your config, a zone based firewall might be better suited for what you are trying to achieve. Can you check if your IOS supports the global command
zone-member ?
If that is the case, I could alter the configuration you have sent...
09-10-2022 08:53 AM
09-28-2022 10:38 PM
I want to thank everyone for the help.... I am closing this Topic because I now have a Cisco 3925 Router.
So thanks to all