Cisco IOS command TCP routing

thecuteguy80 · ‎11-21-2010

Ok so I'm setting up these TCP ports on allowing them on one point to the next but I don't know how to block it from the source to the router or block it from the source to a destination? It keeps showing up saying TCP is going to this destination I don't want it to go to. I'm typing access-list 1### host source host destination eq port#. So it only allows that TCP port in but it's not being implicit like it's suppose to be on blocking the TCP that's not on the access list. I've tried deny tcp any any. Any other options?

Richard Burts · ‎11-21-2010

Greg

I am not clear on exactly what you are trying to accomplish, exactly what you have configured, and exactly what problem you are encountering. So some clarification would allow us to give you better answers.

Since this is clearly some issue with configuring extended access lists to filter TCP ports let me offer a couple of observations and suggestions based on what I see as common problems:

- remember that the extended access list can permit or deny source port, destination port, or both source and destination ports. So think carefully about which you want to filter.

- remember that determinining whether a port will be source port or destination port will depend on which interface the access list will be applied to, and whether the access list will be applied inbound or outbound.

- remember that the access list does not do anything just because it is configured. The access list must be applied to an interface for it to begin actively filtering packets.

If you are still having problems then please provide information on what you are trying to accomplish, what you have configured, and how you determine whether it is working or not.

HTH

Rick

HTH

Rick