
Have an ACL question

I have a Cisco 2851 Router

I had some remote access problems and posted in that forum and I got help figuring that out.

But I had a question that would be better answered in this forum

I need my Router to only have an outbound ACL so it would register my IP Address to the DynDNS service.

 

- I have access-list 101 permit tcp any eq www any (on my outbound interface)

 

But it was pointed out to me that the current ACL would allow access to a web server on my network

I do not have a web server

However if I don't have an ACL then my Router would never register my IP Address with DynDNS

I do know the specific IP Address of the DynDNS server that my Router would need to communicate with

 

Can someone please let me know what the correct outbound ACL might look like?

 

Thank you in advance

3 Replies

Julio E. Moisa
VIP Alumni

Hi

If it is outbound, it should be: access-list 101 permit tcp any any eq www

If you know the DynDNS IP, I suggest:

 

access-list 101 permit ip any host <DYNDNS IP> 

or 

access-list 101 permit ip any <DYNDNS Network>

 

int f0/0

ip access-group 101 out

 

Extended ACL syntax is:

access-list <100-199> permit/deny <protocol> <source> <source wildcard> eq <source port> <destination> <destination wildcard> eq <destination port>

 

If the port is dynamic you can remove the eq <port/range>

 

Hope it is useful

:-)




>> Mark as helpful or answered if the reply resolved the question; this helps future queries from other members of the community. <<

thanks for the reply

Right now I have    ip access-group 101 in

 

So I will have to create an ip access-group for outbound.

Would it be ip access-group 102 outbound?

 

You don't need this outbound ACL for your use-case. The dynDNS-requests are sent by your router and packets generated by the router itself are not filtered by outbound ACLs. These are only for transit-traffic.
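
Added example, not part of the original posts: a small first-match evaluator for the access-list entries quoted in this thread, showing what each one matches and modelling the last reply's point that an outbound ACL filters transit traffic only. It handles only any, host, wildcard and eq; all addresses and packets are constructed, with 203.0.113.10 standing in for <DYNDNS IP>.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' -> (base, care_mask)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0
    if first == "host":
        return _ip(tok.pop(0)), 0xFFFFFFFF
    return _ip(first), ~_ip(tok.pop(0)) & 0xFFFFFFFF  # wildcard bits are "don't care"

def _port(tok):
    """Consume an optional 'eq PORT'; None means any port."""
    if tok and tok[0] == "eq":
        tok.pop(0)
        name = tok.pop(0)
        return 80 if name == "www" else int(name)
    return None

def parse_ace(line):
    tok = line.split()[2:]               # drop 'access-list <number>'
    ace = {"action": tok.pop(0), "proto": tok.pop(0)}
    ace["src"], ace["sport"] = _addr(tok), _port(tok)   # port after source = source port
    ace["dst"], ace["dport"] = _addr(tok), _port(tok)   # port after destination = destination port
    return ace

def _match(rule, ip, want_port, port):
    base, mask = rule
    return (_ip(ip) & mask) == (base & mask) and want_port in (None, port)

def acl_permits(acl, pkt):
    """First matching entry decides; an unmatched packet hits the implicit deny."""
    for ace in map(parse_ace, acl):
        if (ace["proto"] in ("ip", pkt["proto"])
                and _match(ace["src"], pkt["src"], ace["sport"], pkt["sport"])
                and _match(ace["dst"], pkt["dst"], ace["dport"], pkt["dport"])):
            return ace["action"] == "permit"
    return False

def leaves_interface(acl, pkt, router_generated):
    """Model of the last reply: packets the router itself generates skip the outbound ACL."""
    return router_generated or acl_permits(acl, pkt)

# Constructed sample entries and packets.
AS_POSTED = ["access-list 101 permit tcp any eq www any"]
CORRECTED = ["access-list 101 permit tcp any any eq www"]
HOST_ONLY = ["access-list 101 permit ip any host 203.0.113.10"]
CLIENT_REQ = {"proto": "tcp", "src": "192.168.1.20", "sport": 51000, "dst": "203.0.113.10", "dport": 80}
SERVER_REPLY = {"proto": "tcp", "src": "192.168.1.20", "sport": 80, "dst": "198.51.100.7", "dport": 40000}
```

The entry as first posted matches only packets whose source port is 80, which is why it was described as allowing an internal web server to answer; the corrected form matches the destination port instead.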