I am trying to create an access list that will keep people that are not
within our subnets from ftp(ing) to a specific server.

Is it necessary for me to permit the subnets within our domain? Or can I
just use something like this?


ip access-list extended noftp
 ! deny FTP data (20) and control (21) from any source to the server
 deny tcp any 128.*.*.* 0.0.0.0 eq 20
 deny tcp any 128.*.*.* 0.0.0.0 eq 21
 ! everything else is allowed
 permit ip any any

interface ethernet *
 ip access-group noftp in

Is it necessary to use a reflexive access list in order to allow internal
ftp?

thanks,
Elise

___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
