08-07-2022 12:24 AM - last edited on 09-29-2022 10:02 AM by Translator
I have an ACL like this
..... access-list 101 permit tcp any any eq 32100 log....
problem is I have to open it "WIDE TO THE WORLD"
I have a server behind the ROUTER ...192.168.0.34
So I tried
....access-list 101 permit tcp host 192.168.0.34 eq 32100 any log........
so it would JUST answer to that server but it does not work...am I missing something??
Thanks...
09-10-2022 06:21 AM
Hi Paul...
First... I am not an expert at all, but I have tried to educate myself as much as possible, doing a lot of reading on ACLs and how to implement them. So I do want you all to know that I really do appreciate your help and expertise on this.
Yes, you are correct, I do have (3) machines behind the router: 192.168.0.3, 192.168.0.7, 192.168.0.15
The only reason I put the DENY statements in there was that a PORT SCAN showed that they were OPEN. I am sure that once I get things right I should be able to remove them.
TRAFFIC:
192.168.0.3 VNC, VPN, VIDEO, SSH
192.168.0.7 VNC, VPN, FTP, SSH
192.168.0.8 VNC, VPN, WEB, GPS, SSH
I only have VPN SERVER installed on just 1 server
The Router has MAX Memory installed.
I know it is a lot of Traffic but my connection is 300Mbps/10Mbps
09-10-2022 07:56 AM - last edited on 09-29-2022 10:13 AM by Translator
Hello,
since this post has been idle for several weeks, I cannot figure out exactly what the original question was. Looking at your config, a zone based firewall might be better suited for what you are trying to achieve. Can you check if your IOS supports the global command zone-member ?
If that is the case, I could alter the configuration you have sent...
09-10-2022 08:53 AM
09-28-2022 10:38 PM
I want to thank everyone for the help.... I am closing this Topic because I now have a Cisco 3925 Router.
So thanks to all