Hi

If you need to pass VPN traffic you will need to add permits for GRE and ESP
as well.

HTH

John Hardman CCNP MCSE+I

"John Starta" <[EMAIL PROTECTED]> wrote in message
news:5.0.2.1.2.20010117135118.037b0d10@popcorn...
> Scott,
>
> The following example will block the full suite of NetBios inbound to you
> (presumably 195.50.79.0/24). This is not a complete ACL -- it will be
> necessary to either specifically allow the traffic you desire inbound, or
> add another line to the bottom (currently commented out) permitting
> everything else.
>
> access-list 101 deny   udp any 195.50.79.0 0.0.0.255 eq netbios-dgm
> access-list 101 deny   udp any 195.50.79.0 0.0.0.255 eq netbios-ns
> access-list 101 deny   udp any 195.50.79.0 0.0.0.255 eq netbios-ss
> access-list 101 deny   tcp any 195.50.79.0 0.0.0.255 eq 137
> access-list 101 deny   tcp any 195.50.79.0 0.0.0.255 eq 138
> access-list 101 deny   tcp any 195.50.79.0 0.0.0.255 eq 139
> ! access-list 101 permit ip any any
>
> jas
>
> At 07:35 PM 1/17/01 +0000, Scott S. wrote:
> >Our WatchGuard FireBox seems to be getting overloaded by the number of
> >NetBios packets it is denying.  We are thinking that it might be a good
> >idea to block these at our router instead.  It is a Cisco 7200 with a
> >pretty light load.  Does this sound like a sensible idea?  If so I was
> >thinking the following rule would be appropriate:
> >
> >access-list 101 deny any 195.50.79.0 eq 137
> >
> >
> >Is this correct, or am I way off?
> >
> >
> >Thanks in advance for any replies.
> >
> >
> >Sincerely,
> >
> >Scott
> >
> >
> >_________________________________
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>

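Added example, not part of the original messages: a small Python model of first-match ACL evaluation, showing why the list quoted above needs explicit permits and why GRE (IP protocol 47) and ESP (IP protocol 50) need their own lines when only specific TCP/UDP permits are used. The source address 203.0.113.9, the port-80 permit line and the helper names are constructed for illustration; the parser handles only the ACL forms quoted in this thread.

```python
import ipaddress
# Numbers behind the IOS keywords used in this thread (not a full keyword table).
PROTO = {"tcp": 6, "udp": 17, "gre": 47, "esp": 50}
PORT = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}

def parse(line):  # 'access-list N action proto src dst [eq port]' -> rule tuple
    tok = line.split()[2:]                      # drop 'access-list <n>'
    action, proto, i, nets = tok[0], tok[1], 2, []
    for _ in range(2):                          # source, then destination
        if tok[i] == "any":
            nets.append((0, 0xFFFFFFFF)); i += 1
        else:                                   # address followed by wildcard mask
            nets.append((int(ipaddress.IPv4Address(tok[i])),
                         int(ipaddress.IPv4Address(tok[i + 1])))); i += 2
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = PORT.get(tok[i + 1]) or int(tok[i + 1])
    return action, proto, nets[0], nets[1], port

def addr_match(ip, net):
    base, wild = net                            # wildcard bit set = "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl, proto_num, src, dst, dport=None):
    """First matching line wins; no match falls through to the implicit deny."""
    for line in acl:
        if not line.strip() or line.lstrip().startswith("!"):
            continue                            # blank line or IOS comment
        action, proto, s, d, port = parse(line)
        if proto != "ip" and PROTO[proto] != proto_num:
            continue
        if not (addr_match(src, s) and addr_match(dst, d)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"                               # implicit 'deny ip any any'

NET = "195.50.79.0 0.0.0.255"                   # network from the thread
BLOCK = ([f"access-list 101 deny udp any {NET} eq {n}" for n in PORT] +
         [f"access-list 101 deny tcp any {NET} eq {n}" for n in PORT.values()])
# Constructed lines: one specific permit, then the GRE/ESP permits.
ALLOW_WEB = [f"access-list 101 permit tcp any {NET} eq 80"]
ALLOW_VPN = [f"access-list 101 permit {p} any {NET}" for p in ("gre", "esp")]

if __name__ == "__main__":
    for acl in (BLOCK + ALLOW_WEB, BLOCK + ALLOW_WEB + ALLOW_VPN):
        print([evaluate(acl, n, "203.0.113.9", "195.50.79.10") for n in (47, 50)])
```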
