09-10-2008 09:59 PM - edited 03-06-2019 01:18 AM
I need to prevent telnet access to a server connected to the f0/0 interface from the internet. To achieve this I created the following access-list:
deny tcp any x.x.x.x eq 23
permit ip any any
I applied it in the outbound direction on the f0/0 interface, but it didn't work.
Any suggestions?
09-10-2008 11:10 PM
interface ethernet0 (Public Interface)
ip access-group 102 in
!
access-list 102 deny tcp any x.x.x.x eq 23
access-list 102 permit ip any any
See this example: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#denytelnettraffic
francisco
09-11-2008 04:03 AM
francisco
While we might agree that there is some efficiency in applying the access list as inbound on the public interface instead of outbound on the private interface (catch the traffic and deny it sooner) you are creating essentially the same access list as mohammad did. If it did not work as outbound on the private interface I do not see what would make it work inbound on the public interface. Do you have a theory to explain that?
I believe that we need to investigate why the access list did not work for mohammad. If the x.x.x.x does correctly identify the server then it looks to me like his access list should have worked. Perhaps mohammad can supply a bit more detail about the topology of his network and the interface config where he attempted his access list. That might give us a better understanding of the issue.
HTH
Rick
09-11-2008 04:04 AM
Hi,
Your deny statement as displayed would not be accepted by IOS. To prevent telnet just to one server this could be written as:
deny tcp any host x.x.x.x eq 23
or you can use wildcard 0.0.0.0, i.e.:
deny tcp any x.x.x.x 0.0.0.0 eq 23
In my experience wildcards can easily be misunderstood.
Can you please show the access-list commands exactly as you have typed these?
Best regards,
Antonin
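An added example, not part of any post in this thread: a simplified Python model of first-match extended ACL evaluation, showing that the `host` form and the `0.0.0.0` wildcard form match the same single server, and how a wider wildcard changes what is blocked. The addresses are constructed documentation addresses, the function names are hypothetical, and this is not the IOS parser.

```python
import ipaddress

def ip_int(s):
    return int(ipaddress.IPv4Address(s))  # raises ValueError on a non-address

def parse_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (ip_int(tokens[1]), 0), tokens[2:]
    if len(tokens) < 2:
        raise ValueError("address needs a wildcard or the 'host' keyword")
    return (ip_int(tokens[0]), ip_int(tokens[1])), tokens[2:]

def parse_entry(line):
    action, proto, *rest = line.split()
    src, rest = parse_addr(rest)
    dst, rest = parse_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def addr_match(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; bits set to 0 must match.
    return ((ip_int(ip) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, p, s, d, port in map(parse_entry, acl):
        if p not in ("ip", proto):
            continue
        if addr_match(s, src) and addr_match(d, dst) and port in (None, dport):
            return action
    return "deny"

# Constructed sample ACLs; 192.0.2.10 stands in for the server x.x.x.x.
ACL_HOST = ["deny tcp any host 192.0.2.10 eq 23", "permit ip any any"]
ACL_WILD = ["deny tcp any 192.0.2.10 0.0.0.0 eq 23", "permit ip any any"]
ACL_WIDE = ["deny tcp any 192.0.2.10 0.0.0.255 eq 23", "permit ip any any"]

if __name__ == "__main__":
    client = "198.51.100.7"  # constructed internet source address
    for name, acl in (("host", ACL_HOST), ("0.0.0.0", ACL_WILD), ("0.0.0.255", ACL_WIDE)):
        for dst in ("192.0.2.10", "192.0.2.11"):
            print(name, dst, "telnet ->", evaluate(acl, "tcp", client, dst, 23))
```

With the `0.0.0.255` wildcard, telnet to every address in 192.0.2.0/24 is denied, not just the one server.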