02-07-2008 10:33 AM - edited 03-05-2019 09:01 PM
I have a specific network, 10.32.64.0, that uses ports 6500 and 6600. I don't want any other network to be able to use these ports. How can I do that with an ACL?
02-07-2008 10:39 AM
Hi
access-list 101 deny tcp any 10.32.64.0 255.255.255.0 eq 6500
access-list 101 deny tcp any 10.32.64.0 255.255.255.0 eq 6600
access-list 101 permit ip any any
Apply this outbound on the L3 interface for the 10.32.64.0 network, e.g.
int fa0/0
ip access-group 101 out
Note: this assumes 10.32.64.0 has a 255.255.255.0 subnet mask and that 6500 and 6600 are TCP ports.
Jon
02-07-2008 08:32 PM
Would it not be
access-list 101 permit tcp any 10.32.64.0 255.255.255.0 eq 6500
access-list 101 permit tcp any 10.32.64.0 255.255.255.0 eq 6600
access-list 101 deny tcp any any eq 6500
access-list 101 deny tcp any any eq 6600
access-list 101 permit ip any any
02-07-2008 09:51 PM
Harold
Looks like we have read the OP's requirements slightly differently. I assumed he meant that no subnets were allowed to access 10.32.64.0 machines on ports 6500 and 6600.
I'm not sure what your first 2 lines are doing.
To the OP
I have an annoying habit of forgetting to use inverse masks in router ACLs, probably due to too much time on PIX firewalls :)
The masks should be 0.0.0.255 and not 255.255.255.0 in my access-list entries.
Apologies for that.
Jon
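The mask slip Jon corrects above is easy to make and easy to miss, because the list still parses and applies cleanly; the only symptom is that it matches the wrong addresses. The following is an added example, not code from the thread or from Cisco: a small Python evaluator for the numbered extended-ACL lines posted in the two answers. It implements IOS wildcard-mask matching (a 0 bit must match, a 1 bit is don't-care) and first-match-wins with the implicit trailing deny, then runs Jon's list as first posted, Jon's list with the 0.0.0.255 masks, and Harold's list against a few constructed packets. The packet addresses and source ports are invented for illustration, and the evaluator deliberately does not model interfaces, direction, `established`, port ranges or non-TCP protocols.

```python
import ipaddress
from typing import NamedTuple, Optional

# Added example (not from the thread): a minimal evaluator for the numbered
# extended-ACL entries used in the answers above.  Interfaces, direction,
# 'established', port ranges and non-TCP/IP protocols are not modelled;
# those are simplifications of this toy, not IOS behaviour.


class Packet(NamedTuple):
    proto: str            # "tcp", "udp", ...
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 0 bit in the mask must match, a 1 bit is don't-care.
    This is the inverse of a subnet mask, which is the slip discussed in the thread."""
    care = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


def parse_entry(line: str) -> dict:
    """Parse 'access-list N {permit|deny} PROTO SRC [eq P] DST [eq P]'.
    SRC and DST are 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not an ACL entry: {line!r}")
    entry = {"action": tok[2], "proto": tok[3]}
    i = 4

    def take_addr():
        nonlocal i
        if tok[i] == "any":
            i += 1
            return ("0.0.0.0", "255.255.255.255")   # every bit is don't-care
        if tok[i] == "host":
            i += 2
            return (tok[i - 1], "0.0.0.0")          # every bit must match
        i += 2
        return (tok[i - 2], tok[i - 1])

    def take_port():
        nonlocal i
        if i < len(tok) and tok[i] == "eq":
            i += 2
            return int(tok[i - 1])
        return None

    entry["src"], entry["sport"] = take_addr(), take_port()
    entry["dst"], entry["dport"] = take_addr(), take_port()
    return entry


def evaluate(acl: list, pkt: Packet) -> str:
    """Return 'permit' or 'deny': the first matching entry wins, and every
    IOS ACL ends with an implicit 'deny any'."""
    for e in map(parse_entry, acl):
        if e["proto"] != "ip" and e["proto"] != pkt.proto:
            continue
        if not wildcard_match(pkt.src, *e["src"]) or not wildcard_match(pkt.dst, *e["dst"]):
            continue
        if e["sport"] is not None and e["sport"] != pkt.sport:
            continue
        if e["dport"] is not None and e["dport"] != pkt.dport:
            continue
        return e["action"]
    return "deny"


# Jon's list exactly as first posted: a subnet mask where a wildcard belongs.
JON_AS_POSTED = [
    "access-list 101 deny tcp any 10.32.64.0 255.255.255.0 eq 6500",
    "access-list 101 deny tcp any 10.32.64.0 255.255.255.0 eq 6600",
    "access-list 101 permit ip any any",
]
# The same list with the 0.0.0.255 wildcard masks Jon corrected to.
JON_CORRECTED = [l.replace("255.255.255.0", "0.0.0.255") for l in JON_AS_POSTED]

# Harold's reading: 10.32.64.0/24 is the only permitted destination for those ports.
HAROLD_CORRECTED = [
    "access-list 101 permit tcp any 10.32.64.0 0.0.0.255 eq 6500",
    "access-list 101 permit tcp any 10.32.64.0 0.0.0.255 eq 6600",
    "access-list 101 deny tcp any any eq 6500",
    "access-list 101 deny tcp any any eq 6600",
    "access-list 101 permit ip any any",
]

# Constructed test traffic; the addresses are invented for this example.
OUTSIDE_TO_HOST_6500 = Packet("tcp", "10.1.1.5", "10.32.64.20", 40000, 6500)
OUTSIDE_TO_NETADDR_6500 = Packet("tcp", "10.1.1.5", "10.32.64.0", 40000, 6500)
OUTSIDE_TO_HOST_80 = Packet("tcp", "10.1.1.5", "10.32.64.20", 40001, 80)
INSIDE_TO_OUTSIDE_6500 = Packet("tcp", "10.32.64.20", "10.5.5.5", 40002, 6500)

if __name__ == "__main__":
    for name, acl in (("as posted", JON_AS_POSTED), ("corrected", JON_CORRECTED), ("harold", HAROLD_CORRECTED)):
        for pkt in (OUTSIDE_TO_HOST_6500, OUTSIDE_TO_NETADDR_6500, OUTSIDE_TO_HOST_80, INSIDE_TO_OUTSIDE_6500):
            print(f"{name:10} {pkt.src} -> {pkt.dst}:{pkt.dport}  {evaluate(acl, pkt)}")
```

Running it shows the practical effect of the slip: with `255.255.255.0` as the wildcard, only the low octet must match, so the deny lines catch traffic to 10.32.64.0 itself and let a connection to 10.32.64.20:6500 fall through to `permit ip any any`; with `0.0.0.255` the whole /24 is denied on those ports as intended. It also makes the two readings of the question concrete: Jon's corrected list denies everyone reaching the subnet on 6500/6600, while Harold's list allows traffic to the subnet on those ports and denies them as a destination anywhere else. Remember that the evaluator ignores placement; Jon's list is applied `out` on the subnet's own L3 interface, so only traffic heading towards 10.32.64.0/24 is ever checked against it.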