Problem with an ACL on a Cisco Router

Michael_Lopez (Level 1)

Good day. Could someone please help me track down a problem I am having with an ACL I created a few days ago to restrict access to some servers to a specific set of ports? When I created the extended ACL and applied it inbound on the router interface so it would do its job, only the DENY rules get matches, as if it were not seeing the rules above them at all. This is the ACL:

ACL that was created:

access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.136
access-list 102 deny ip any host 172.30.94.153
access-list 102 deny ip any host 172.30.94.154
access-list 102 deny ip any host 172.30.94.155
access-list 102 deny ip any host 172.30.94.136
access-list 102 permit ip any any
access-list 102 permit icmp any any
!

This is what the access list shows when I enable it (all the matches are on the deny entries):

Extended IP access list 102
10 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.136
20 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.153
30 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.154
40 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.155
50 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.136
60 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.153
70 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.154
80 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.155
90 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.153
100 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.154
110 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.155
120 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.136
130 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.153
140 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.154
150 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.155
160 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.136
170 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.153
180 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.154
190 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.155
200 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.136
210 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.153
220 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.154
230 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.155
240 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.136
250 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.153
260 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.154
270 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.155
280 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.136
290 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.153
300 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.154
310 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.155
320 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.136
330 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.153
340 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.154
350 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.155
360 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.136
370 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.153
380 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.154
390 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.155
400 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.136
410 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.153
420 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.154
430 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.155
440 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.136
450 deny ip any host 172.30.94.153 (328 matches)
460 deny ip any host 172.30.94.154 (334 matches)
470 deny ip any host 172.30.94.155 (253 matches)
480 deny ip any host 172.30.94.136 (529 matches)
490 permit ip any any (242948 matches)
500 permit icmp any any

Can someone please help me by explaining what causes this behavior?

Many thanks, I look forward to your comments.
1 Accepted Solution: the first reply below, from Georg.

4 Replies

Hi,

change the ACL like this:

access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 445
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 135
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 135
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 135
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 135
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 445
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 445
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 445
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 1025
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 1025
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 1025
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 1025
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 1311
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 1311
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 1311
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 1311
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 4373
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 4373
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 4373
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 4373
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 6002
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 6002
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 6002
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 6002
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 7125
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 7125
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 7125
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 7125
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 17405
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 17405
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 17405
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 17405
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 47001
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 47001
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 47001
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 47001
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 1060
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 1060
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 1060
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 1060
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 139
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 139
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 139
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 139
access-list 102 deny ip any host 172.30.94.153
access-list 102 deny ip any host 172.30.94.154
access-list 102 deny ip any host 172.30.94.155
access-list 102 deny ip any host 172.30.94.136
access-list 102 permit ip any any
access-list 102 permit icmp any any

If it still does not work, use this ACL:

access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 445
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 135
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 135
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 135
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 135 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 135
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 445
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 445
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 445
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 1025
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 1025
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 1025
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1025 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 1025
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 1311
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 1311
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 1311
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1311 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 1311
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 4373
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 4373
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 4373
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 4373 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 4373
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 6002
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 6002
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 6002
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 6002 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 6002
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 7125
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 7125
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 7125
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 7125 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 7125
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 17405
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 17405
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 17405
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 17405 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 17405
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 47001
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 47001
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 47001
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 47001 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 47001
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 1060
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 1060
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 1060
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 1060 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 1060
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.153
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.153 eq 139
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.154
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.154 eq 139
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.155
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.155 eq 139
access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 139 host 172.30.94.136
access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 139
access-list 102 deny ip any host 172.30.94.153
access-list 102 deny ip any host 172.30.94.154
access-list 102 deny ip any host 172.30.94.155
access-list 102 deny ip any host 172.30.94.136
access-list 102 permit ip any any
access-list 102 permit icmp any any

Thank you very much Georg, the ACL worked perfectly for me. I took a while to reply because it had to be implemented with a provider on their equipment, hence the delay, but many thanks for the help.

luis_cordova (VIP Alumni)

Hi @Michael_Lopez

The ACEs in your ACL can be read like this:

access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.136

This ACE will permit packets whose source is any IP from the 172.30.0.0/16 network with source port 445, and whose destination is the single IP 172.30.94.136, with any destination port.

If these conditions are not met, the packet is examined by the next ACE.

If your goal is to permit packets directed to the server 172.30.94.136 on port 445, then you need to make this change:

access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 445

Regards
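To make the point of both replies concrete, here is a small added Python evaluator (not code from this thread or from Cisco IOS) that parses numbered extended ACEs and walks them top-down with first-match and implicit-deny semantics, the way IOS does. It replays one client connection through a shortened copy of access-list 102, once with the `eq` operator after the source address (as the question had it, so it qualifies the source port) and once after the destination host (as in the fix). The client address 172.30.10.20 and ephemeral source port 51234 are constructed for the example. It also reports ACEs that can never match because an earlier ACE already covers every packet they would, which is why the trailing `permit icmp any any` shows no matches after `permit ip any any`.

```python
"""Added example: replay a packet through a Cisco-style numbered extended ACL.

Supports ip / tcp / udp / icmp, 'any', 'host A.B.C.D', 'A.B.C.D WILDCARD' and
the 'eq N' port operator. Evaluation is top-down, first match wins, and an
unmatched packet hits the implicit deny, as on IOS.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip", "tcp", "udp" or "icmp"
    src: ipaddress.IPv4Network
    sport: Optional[int]         # 'eq' written right after the SOURCE address
    dst: ipaddress.IPv4Network
    dport: Optional[int]         # 'eq' written right after the DESTINATION address
    text: str


def _parse_addr(tok: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD'; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.IPv4Network(tok[i + 1] + "/32"), i + 2
    # A Cisco wildcard mask is the bitwise inverse of a subnet mask.
    mask = ".".join(str(255 - int(o)) for o in tok[i + 1].split("."))
    return ipaddress.IPv4Network(f"{tok[i]}/{mask}", strict=False), i + 2


def _parse_port(tok: List[str], i: int) -> Tuple[Optional[int], int]:
    """Consume an optional 'eq N' operator at position i."""
    if i < len(tok) and tok[i] == "eq":
        return int(tok[i + 1]), i + 2
    return None, i


def parse_ace(line: str) -> Ace:
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    action, proto = tok[2], tok[3]
    src, i = _parse_addr(tok, 4)
    sport, i = _parse_port(tok, i)   # an 'eq' here qualifies the source port
    dst, i = _parse_addr(tok, i)
    dport, i = _parse_port(tok, i)   # an 'eq' here qualifies the destination port
    return Ace(action, proto, src, sport, dst, dport, line)


def parse_acl(lines: List[str]) -> List[Ace]:
    return [parse_ace(line) for line in lines]


def evaluate(acl: List[Ace], proto: str, src: str, sport: Optional[int],
             dst: str, dport: Optional[int]) -> Tuple[str, str]:
    """Return (verdict, matching ACE text); first match wins, implicit deny at the end."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.sport is not None and ace.sport != sport:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, ace.text
    return "deny", "implicit deny"


def shadowed(acl: List[Ace]) -> List[str]:
    """ACEs that can never match: an earlier ACE already covers every packet they would."""
    out = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.proto in ("ip", later.proto)
                    and earlier.src.supernet_of(later.src)
                    and earlier.dst.supernet_of(later.dst)
                    and earlier.sport in (None, later.sport)
                    and earlier.dport in (None, later.dport)):
                out.append(later.text)
                break
    return out


# Shortened copies of access-list 102 from the thread: one server, one port.
ORIGINAL_ACL = parse_acl([
    "access-list 102 permit tcp 172.30.0.0 0.0.255.255 eq 445 host 172.30.94.136",
    "access-list 102 deny ip any host 172.30.94.136",
    "access-list 102 permit ip any any",
    "access-list 102 permit icmp any any",
])
FIXED_ACL = parse_acl([
    "access-list 102 permit tcp 172.30.0.0 0.0.255.255 host 172.30.94.136 eq 445",
    "access-list 102 deny ip any host 172.30.94.136",
    "access-list 102 permit ip any any",
    "access-list 102 permit icmp any any",
])

# Constructed client: an SMB session uses a random high source port and destination port 445.
CLIENT, CLIENT_PORT, SERVER, SMB = "172.30.10.20", 51234, "172.30.94.136", 445


def smb_verdict(acl: List[Ace]) -> str:
    return evaluate(acl, "tcp", CLIENT, CLIENT_PORT, SERVER, SMB)[0]


if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        print(f"{name:8s} {CLIENT}:{CLIENT_PORT} -> {SERVER}:{SMB} =>",
              evaluate(acl, "tcp", CLIENT, CLIENT_PORT, SERVER, SMB))
    print("unreachable ACEs:", shadowed(FIXED_ACL))
```

Running it shows the original ordering sending the SMB connection to `deny ip any host 172.30.94.136` (the client's source port is 51234, not 445) and the corrected ordering permitting it. The shadow check reports `permit icmp any any` as unreachable, and the evaluator also shows that ICMP to a protected host lands on its `deny ip` entry, since `ip` covers ICMP; both are consequences of the ACL as posted, not of the evaluator.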