02-10-2014 11:49 PM - edited 03-07-2019 06:07 PM
Hello Everybody
I'm trying to create an access list to control the remote-desk access through the 2289 port.
We have two VLANs, server VLAN-73 and user VLAN-16.
We need to deny the remote desktop access to everybody that is in the user vlan except these two exceptions:
1) We will permit the access to everybody in the user vlan only to these 3 servers (192.168.1.23, 192.168.1.25, 192.168.1.37)
2) We will permit the remote access to all of our servers only to these 2 hosts (172.16.21.92 and 172.16.21.93)
So I configured the ACLs in this way, but I can't do it properly because it seems like everybody in the user vlan continues accessing all of the servers.
access-list 101 permit tcp host 172.16.21.92 any eq 3389
access-list 101 permit tcp host 172.16.21.93 any eq 3389
access-list 101 permit tcp any host 192.168.1.23 eq 3389
access-list 101 permit tcp any host 192.168.1.25 eq 3389
access-list 101 permit tcp any host 192.168.1.37 eq 3389
access-list 101 deny tcp any any eq 3389
access-list 101 permit tcp any any
interface vlan 73
ip access-group 101 in
Could anybody help me please?
Thank you and Regards!
IIB
02-11-2014 01:41 AM
Hi,
You should apply your ACL outbound on vlan 73 or inbound on vlan 16, but not inbound on vlan 73, because frames entering this vlan interface will never have a source IP in vlan 16 subnet, nor will they initiate the rdp session, so their destination port won't be 3389 and consequently you'll hit your last line of the ACL, which permits tcp any any, so replies to remote desktop sessions initiated from vlan 16 subnet are permitted.
Regards
Alain
Don't forget to rate helpful posts.
02-11-2014 11:15 PM
Hi
Thank you for your response Alain, I tried to configure the ACL outbound, but when I do it the server vlan falls down.
interface vlan 73
ip access-group 101 out
Maybe my mistake is configuring it in the server vlan interface (73) instead of configuring it in the users vlan interface (16)
02-11-2014 11:35 PM
Hi,
apply it inbound on vlan 16 interface
Regards
Alain
Don't forget to rate helpful posts.
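Added example, not part of the thread: a small first-match evaluator run over access-list 101 from the question, showing which packet of an RDP session the ACL sees for each placement discussed above. The user 172.16.21.50, the server 192.168.1.40, the ephemeral port 50000 and the helper names are constructed for illustration.

```python
import ipaddress

# access-list 101 from the question as (action, source, destination, dst_port).
# "any" matches every address; a dst_port of None matches every TCP port.
ACL_101 = [
    ("permit", "172.16.21.92", "any", 3389),
    ("permit", "172.16.21.93", "any", 3389),
    ("permit", "any", "192.168.1.23", 3389),
    ("permit", "any", "192.168.1.25", 3389),
    ("permit", "any", "192.168.1.37", 3389),
    ("deny", "any", "any", 3389),
    ("permit", "any", "any", None),
]

def _addr_match(rule, ip):
    return rule == "any" or ipaddress.ip_address(rule) == ipaddress.ip_address(ip)

def evaluate(acl, src, dst, dport):
    """First-match evaluation of one TCP packet; returns (action, line number)."""
    for line, (action, r_src, r_dst, r_port) in enumerate(acl, start=1):
        if (_addr_match(r_src, src) and _addr_match(r_dst, dst)
                and r_port in (None, dport)):
            return action, line
    return "deny", 0  # implicit deny that ends every ACL

def rdp_session_allowed(acl, client, server, placement):
    """True if the ACL, applied at `placement`, lets the RDP session through."""
    request = (client, server, 3389)   # client -> server, destination port 3389
    reply = (server, client, 50000)    # server -> client, constructed ephemeral port
    # Inbound on the user SVI and outbound on the server SVI the router filters
    # the request; inbound on the server SVI it only ever sees the reply.
    filtered = {"vlan16 in": request, "vlan73 out": request, "vlan73 in": reply}
    return evaluate(acl, *filtered[placement])[0] == "permit"

if __name__ == "__main__":
    user, server = "172.16.21.50", "192.168.1.40"  # constructed sample hosts
    for placement in ("vlan73 in", "vlan16 in"):
        print(placement, rdp_session_allowed(ACL_101, user, server, placement))
```

With the ACL inbound on vlan 73, the only packet tested is the server's reply, whose destination port is not 3389, so it falls through to the final permit; inbound on vlan 16 the request itself is tested and stops at the deny line.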