Only allow FTP, Citrix, and WWW through access list

  • Only allow FTP, Citrix, and WWW through access list

    I want to restrict access through an interface to only FTP, Citrix, and WWW.

    Everything is working great until I apply this access list. Once it is applied, I can't get to the internet. I can get to the internet if I add "permit ip any any".

    permit tcp 192.168.4.0 0.0.0.255 any
    permit udp 192.168.4.0 0.0.0.255 any
    permit icmp 192.168.4.0 0.0.0.255 any
    permit tcp any host x.x.x.x eq ftp-data
    permit tcp any host x.x.x.x eq ftp
    permit tcp any host x.x.x.x eq www
    permit tcp any host x.x.x.x eq 443
    permit tcp any host x.x.x.x eq 1604
    permit tcp any host x.x.x.x eq 2512
    permit tcp any host x.x.x.x eq 2513
    permit tcp any host x.x.x.x eq 2599
    permit tcp any host x.x.x.x eq 3393
    permit tcp any host x.x.x.x eq 3394
    permit tcp any host x.x.x.x eq 8082
    permit tcp any host x.x.x.x eq 27000
    permit tcp any any eq www
    permit ip 192.168.4.0 0.0.0.255 any


    What am I missing here?
    Thank you,

    Marc

  • #2
    Re: Only allow FTP, Citrix, and WWW through access list

    Here you can find an article on how to configure ACLs.
    http://www.cisco.com/warp/public/707...cesslists.html

    And don't forget DNS.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

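Added example, not part of either post: a first-match evaluator for the posted entries, ending in the implicit deny that closes every ACL. The thread does not say which interface or direction the list is applied to, so it only runs constructed packets through the entries; `203.0.113.10` stands in for the redacted `x.x.x.x`, and the sample addresses and function names are assumptions. Traffic returning to 192.168.4.0/24, DNS answers included, matches no entry.

```python
import ipaddress

SERVER = "203.0.113.10"  # constructed stand-in for the redacted x.x.x.x host
PORTS = "ftp-data ftp www 443 1604 2512 2513 2599 3393 3394 8082 27000".split()
ACL = ([f"permit {p} 192.168.4.0 0.0.0.255 any" for p in ("tcp", "udp", "icmp")]
       + [f"permit tcp any host {SERVER} eq {p}" for p in PORTS]
       + ["permit tcp any any eq www",
          "permit ip 192.168.4.0 0.0.0.255 any"])
NAMES = {"ftp-data": 20, "ftp": 21, "www": 80}  # IOS port keywords used above

def take_addr(tok):
    """Pop one address spec (any | host A | A WILDCARD) as (address, wildcard) ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(line):
    """Parse 'action proto src dst [eq port]'; only the syntax used in the post."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = take_addr(tok), take_addr(tok)
    port = None
    if tok and tok[0] == "eq":
        port = NAMES[tok[1]] if tok[1] in NAMES else int(tok[1])
    return action, proto, src, dst, port

def hit(spec, ip):
    """Wildcard bits set to 1 are 'don't care', the inverse of a netmask."""
    addr, wild = spec
    return (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)

def evaluate(proto, src, dst, dport, acl=ACL):
    """First match wins; ('deny', None) is the implicit deny at the end of every ACL."""
    for n, line in enumerate(acl, 1):
        action, p, s, d, port = parse(line)
        if p in ("ip", proto) and hit(s, src) and hit(d, dst) and port in (None, dport):
            return action, n
    return "deny", None

if __name__ == "__main__":
    # Constructed packets: (label, protocol, source, destination, destination port)
    for label, *pkt in [("client DNS query", "udp", "192.168.4.10", "198.51.100.53", 53),
                        ("DNS answer to client", "udp", "198.51.100.53", "192.168.4.10", 51000),
                        ("web reply to client", "tcp", "198.51.100.80", "192.168.4.10", 51001),
                        ("outside to server tcp/1604", "tcp", "198.51.100.7", SERVER, 1604)]:
        print(f"{label:28} -> {evaluate(*pkt)}")
```

The second element of each result is the 1-based number of the matching entry, or `None` when the packet fell through to the implicit deny.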