Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1005
Views
5
Helpful
18
Replies

ACL clarification...i am a bit rusty...

Go to solution
DAVID RICHWALSKI
Level 1
Level 1

‎08-07-2022 12:24 AM - last edited on ‎09-29-2022 10:02 AM by Community Manager

 

I have an ACL like this

..... access-list 101 permit tcp any any eq 32100 log....

problem is I have to open it "WIDE TO THE WORLD"

I have a server behind the ROUTER ...192.168.0.34

So I tried

....access-list 101 permit tcp host 192.168.0.34 eq 32100 any log........

so it would JUST anwser to that server but it does not work...am I missing something??

Thanks...

Labels:
0 Helpful
18 Replies 18

Go to solution
DAVID RICHWALSKI
Level 1
Level 1
In response to paul driver

‎09-10-2022 06:21 AM

Hi Paul...

First...I am not an Expert at all but I have tried to Educate myself as much as possible, doing a lot of reading on ACL's and how to implement them. So I do want you all to know that I really do appreciate your help and expertise on this.

Yes you are Correct I do have (3) machines behind the router 192.168.0.3, 192.168.0.7, 192.168.0.15

The only reason I put the DENY statements in there was that a PORT SCAN showed that they were OPEN, I am sure that once I get things right I should be able to remove them.

TRAFFIC:

192.168.0.3  VNC,  VPN,  VIDEO,  SSH

192.168.0.7  VNC,  VPN,  FTP,  SSH

192.168.0.8  VNC,  VPN,  WEB,  GPS,  SSH

I only have VPN SERVER installed on just 1 server

The Router has MAX Memory installed.

I know it is a lot of Traffic but my connection is 300Mbps/10Mbps

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to DAVID RICHWALSKI

‎09-10-2022 07:56 AM - last edited on ‎09-29-2022 10:13 AM by Community Manager

Hello,

since this post has been idle for several weeks, I cannot figure out exactly what the original question was. Looking at your config, a zone based firewall might be better suited for what you are trying to achieve. Can you check if your IOS supports the global command

zone-member ?

If that is the case, I could alter the configuration you have sent...

0 Helpful

Go to solution
DAVID RICHWALSKI
Level 1
Level 1
In response to Georg Pauwen

‎09-10-2022 08:53 AM

HI There....

I have attached a copy of the CONFIG COMMANDS for you.....

Preview file
16 KB
0 Helpful

Go to solution
DAVID RICHWALSKI
Level 1
Level 1
In response to DAVID RICHWALSKI

‎09-28-2022 10:38 PM

I want to thank everyone for the help.... I am closing this Topic because I now have a Cisco 3925 Router.

So thanks to all

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card