12-10-2013 09:00 AM - edited 03-04-2019 09:49 PM
Dear Support Team,
Kindly help with a guide on how to block the following ports on a Cisco router:
80 (HTTP)
20 (FTP)
21 (FTP)
530 (RPC)
12-10-2013 09:14 AM
Hello
One crude method is to use a simple ACL to accomplish this:
access-list 100 deny tcp any any eq www
access-list 100 deny tcp any any eq ftp
access-list 100 deny tcp any any eq ftp-data
access-list 100 deny tcp any any eq 530
access-list 100 deny udp any any eq 530
access-list 100 permit ip any any
int xx
ip access-group 100 in
ip access-group 100 out
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
12-10-2013 11:43 PM
Thanks Paul.
However, in applying the ACL to the interface, should it be In or Out?
12-11-2013 12:12 AM
Hi,
It all depends on where the services that you want to block are located and whether you have specified these ports as source or destination in your ACL. Don't forget that outbound ACLs don't filter traffic generated by the router but that inbound ACLs do, so you should also be more specific in your ACL, but as Paul did not have enough information he provided a "catch-all" ACL.
Regards
Alain
Don't forget to rate helpful posts.
12-12-2013 03:08 PM
Hello Alain,
Basically the traffic is INBOUND. That is, the restriction would be on the inbound traffic coming into the corporate network.
12-13-2013 02:57 AM
Hi,
Then you can apply Paul's ACL inbound on your WAN interface if your services are on your corporate LAN.
Regards
Alain
Don't forget to rate helpful posts.
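The In/Out question discussed in this thread, as an added example that is not part of any poster's reply: a small Python model of first-match evaluation of access-list 100 bound to a WAN interface. The LAN prefix 10.0.0.x, the documentation-range addresses and the sample packets are constructed assumptions.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
Rule = namedtuple("Rule", "action proto dport")  # dport None = any port

# access-list 100 from the thread: every deny matches the DESTINATION port only.
ACL_100 = [
    Rule("deny", "tcp", 80),      # eq www
    Rule("deny", "tcp", 21),      # eq ftp
    Rule("deny", "tcp", 20),      # eq ftp-data
    Rule("deny", "tcp", 530),
    Rule("deny", "udp", 530),
    Rule("permit", "ip", None),   # permit ip any any
]

LAN_PREFIX = "10.0.0."  # constructed corporate LAN range

def evaluate(acl, pkt):
    """Return the action of the first matching entry (ACLs are first-match)."""
    for rule in acl:
        if rule.proto not in ("ip", pkt.proto):
            continue
        if rule.dport is None or rule.dport == pkt.dport:
            return rule.action
    return "deny"  # implicit deny that ends every ACL

def direction_on_wan(pkt):
    """'out' if the packet leaves the LAN through the WAN interface, else 'in'."""
    return "out" if pkt.src.startswith(LAN_PREFIX) else "in"

def wan_verdict(pkt, applied):
    """applied: set of directions ('in', 'out') where ACL 100 is bound."""
    if direction_on_wan(pkt) not in applied:
        return "permit"  # no ACL bound in this direction
    return evaluate(ACL_100, pkt)

# Constructed sample packets.
INBOUND_TO_WEB = Packet("tcp", "198.51.100.7", 40000, "10.0.0.10", 80)
LAN_BROWSING = Packet("tcp", "10.0.0.25", 40001, "203.0.113.5", 80)
WEB_REPLY = Packet("tcp", "203.0.113.5", 80, "10.0.0.25", 40001)

if __name__ == "__main__":
    for name, pkt in [("inbound to LAN web server", INBOUND_TO_WEB),
                      ("LAN user browsing out", LAN_BROWSING),
                      ("reply from outside web server", WEB_REPLY)]:
        print(f"{name:30} in only: {wan_verdict(pkt, {'in'}):7}"
              f" in+out: {wan_verdict(pkt, {'in', 'out'})}")
```

Bound inbound only, the ACL blocks outside hosts from reaching the listed ports on the LAN while leaving LAN users' own outbound sessions and their replies alone; binding it in both directions also denies LAN users' connections to those ports outside.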