03-16-2014 11:56 PM - edited 02-21-2020 05:07 AM
Good day CSC,
I am trying to configure an acl to deny rdp traffic on one of our server which has a static nat from one of our public IP. How can I configure it without dropping all other traffic? Will these configuration do it?
access-list (acl name) deny tcp any host (Public IP of server) eq 3389
access-list (acl name) permit ip any any
access-group (acl name) in interface outside
Attached also is the sanitized configuration of the PIX firewall so anyone can see what is configured in it.
Thanks in advance for all your help and replies :)
03-17-2014 01:09 AM
access list seems ok but dont see any reason to add the IP any any rule on the outside interface.
03-17-2014 01:18 AM
Coz of the implicit deny?
03-17-2014 01:54 AM
you will always want to block any request coming from outside other the ones you allowing.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: