CBAC firewall access list

garynicklaw
Level 1

I need help to configure the access list on the outbound internet port to accept the following:

ip access list 10

access-list 10 permit PPTP vpn any xxx.xxx.xxx.xxx

access-list 10 permit RDP any xxx.xxx.xxx.xxx

access-list 10 permit FTP any xxx.xxx.xxx.xxx

access-list 10 permit Postgresql any xxx.xxx.xxx.xxx

access-list 10 permit MacARD any xxx.xxx.xxx.xxx

This method does not work on the Cisco 2921 router with FW.

Any help is greatly appreciated.

GJN

1 Reply

Richard.H.Sims
Level 1

So you've done "access-group 10 out" on the interface facing the internet and it's not working?

Are you wanting to make it so people can connect in from the internet to your local machines for services like FTP or PPTP? At the moment your ACL looks like it allows people from inside the network to connect to FTP/RDP servers on the internet.

ACLs with numbers below 100 are called 'Standard' and are as follows:

Access-list

Source address being where the packet is coming from.

You need to make an extended access list if you want to block or allow specific protocols.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#extacls

Hopefully that'll help.
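The extended ACL the reply points to, written out as an added example that is not part of the thread: it matches the services from the question by protocol and port, which a standard (1-99) list cannot do. The address 203.0.113.10 and the interface GigabitEthernet0/0 are assumed placeholders; the port numbers are the services' standard ones.

```cisco
! Added example (not from the original thread). Assumptions: 203.0.113.10 is the
! public address of the inside server and GigabitEthernet0/0 faces the internet.
ip access-list extended INET-IN
 remark PPTP needs TCP 1723 for control and GRE (IP protocol 47) for the tunnel
 permit tcp any host 203.0.113.10 eq 1723
 permit gre any host 203.0.113.10
 remark RDP
 permit tcp any host 203.0.113.10 eq 3389
 remark FTP control channel; with CBAC ftp inspection the data channel is opened dynamically
 permit tcp any host 203.0.113.10 eq ftp
 remark PostgreSQL
 permit tcp any host 203.0.113.10 eq 5432
 remark Apple Remote Desktop: 3283 (TCP and UDP) plus VNC screen sharing on 5900
 permit tcp any host 203.0.113.10 eq 3283
 permit udp any host 203.0.113.10 eq 3283
 permit tcp any host 203.0.113.10 eq 5900
 remark everything else from the internet is dropped and logged
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Internet
 ip access-group INET-IN in
!
! Verify the entries and their hit counts after some traffic:
! show ip access-lists INET-IN
```

Applied with `in` on the internet-facing interface, the list filters connections arriving from the internet; an `access-group 10 out` on that interface, as in the question, only affects traffic leaving toward the internet.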