John,

    Actually I have multiple local networks 10.42.232.0 mask 255.255.248.0
which allows the use of 10.42.232 thru 10.42.239.255 at my local site.  I
want to allow any local host to connect to the host 10.42.237.23 and deny
all the remote sites from connecting to this system over port 2200 due to
the effect it will have on the WAN links.

    Hopefully this clarifies what I need to accomplish.

    Thanks for any help in advance.


"John Patton" wrote in message news:[EMAIL PROTECTED]...
> Assuming that the router is sitting between the host and the service
> listening to port 2200, your list should look like so:
>
>     example topology:
>      Host (e0) Router (e1) service listening on port 2200
>
>     example access-list:
>      Router(config)#access-list 113 deny tcp host 10.42.237.23 any eq 2200
>      Router(config)#access-list 113 permit ip any any
>      Router(config)#int e0
>      Router(config-if)#ip access-group 113 in
>
> This blocks anything from host 10.42.237.23 on port 2200 going into the
> router on e0.
>
> You may also want to consider using named access lists, if your IOS version
> supports it:
>      Router(config)#ip access-list extended MyNetworkACL
>      Router(config-ext-nacl)#deny tcp host 10.42.237.23 any eq 2200
>      Router(config-ext-nacl)#int e0
>      Router(config-if)#ip access-group MyNetworkACL in
>
> Named access lists are a bit easier to manage if you have a lot of
> configurations in there.
>
> HTH,
>
> johnny p.
>
> At 03:44 PM 4/19/2001 -0400, Allen May wrote:
> >Unless they're going through the router to get to the server an access-list
> >won't help you there.  That just filters traffic passing through interfaces.
> >If it's on the same network you'll have to permit/deny at the server itself.
> >It's possible with all operating systems.  What kind of server is it?
> >
> >----- Original Message -----
> >From: "Luke"
> >To:
> >Sent: Thursday, April 19, 2001 2:19 PM
> >Subject: Need access list help [7:1274]
> >
> >
> > > Have following internal local networks:
> > >
> > >         Local Networks : 10.42.232.0 through 10.42.239.0
> > >         Have a host at 10.42.237.23 that I want to permit local networks
> > > to access (TCP port 2200)
> > >         Want to deny access to host 10.42.237.23 for all others
> > >         Want to permit all other traffic any any
> > >
> > >     In effect I just need to deny access to one host for stated port for
> > > everyone not on the local network.  What should the access-list look like,
> > > I'd hate to club my local network.
> > >
> > >     My current plan was to
> > >
> > >         access-list 113 permit tcp 10.42.232.0 0.0.248.255 host 10.42.237.23
> > >         access-list 113 deny tcp any host 10.42.237.23
> > >         access-list 113 permit tcp any any
> > >         {implicit deny}
> > >
> > >         config-int vlan 237
> > >         ip access-group 113 in
> > >
> > >     But I have the sinking feeling I am about to club all other
> > > protocols.  Can someone straighten me out?
> > >
> > >     Thanks in advance.
> > >
> > >     Luke
> > > FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1290&t=1274
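The access list Luke describes, worked through as an added example (editor's code, not anything posted in this thread). It models how an IOS extended ACL is evaluated (first matching entry wins, implicit deny at the end, wildcard-mask address matching) and runs Luke's draft list beside a corrected one to show three things: the wildcard for 255.255.248.0 is 0.0.7.255, not 0.0.248.255, so as drafted most local /21 hosts fall through to the deny; the permit and deny entries need `eq 2200` or every other TCP port on the host is closed to remote sites too; and the last line must be `permit ip any any`, because `permit tcp any any` leaves ICMP, UDP and everything else to the implicit deny, which is exactly the "clubbing all other protocols" he was worried about. The sample packets are constructed, and the source addresses 10.42.235.7 and 10.42.17.5 are assumed.

```python
"""Model Cisco IOS extended-ACL evaluation (first match wins, implicit deny)
and compare Luke's draft list with a corrected one.  Editor's example, not
code from the thread; the sample packets below are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # destination port for tcp/udp


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 0 bit in the wildcard must match, a 1 bit is
    don't-care.  So subnet mask 255.255.248.0 (a /21) is wildcard 0.0.7.255."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (b & ~w)


def _parse_addr(tokens: List[str], i: int) -> Tuple[str, str, int]:
    """Consume one address spec ('any', 'host A', or 'A WILDCARD') at tokens[i]."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    return tokens[i], tokens[i + 1], i + 2


Ace = Tuple[str, str, str, str, str, str, Optional[int]]


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N {permit|deny} PROTO SRC DST [eq PORT]' (numbered
    extended ACL syntax, destination port only, which is all this thread needs)."""
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended ACE: {line!r}")
    action, proto = t[2], t[3]
    src, src_wc, i = _parse_addr(t, 4)
    dst, dst_wc, i = _parse_addr(t, i)
    dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return action, proto, src, src_wc, dst, dst_wc, dport


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    action, proto, src, src_wc, dst, dst_wc, dport = ace
    if proto != "ip" and proto != pkt.proto:   # 'ip' matches every protocol
        return False
    if not wildcard_match(pkt.src, src, src_wc) or not wildcard_match(pkt.dst, dst, dst_wc):
        return False
    return dport is None or pkt.dport == dport


def evaluate(acl: List[str], pkt: Packet) -> str:
    """First matching entry decides; a packet matching no entry hits the implicit deny."""
    for line in acl:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace[0]
    return "deny"


# Luke's plan as posted: wildcard wrong for a /21, no port, and only TCP permitted at the end.
DRAFT_ACL = [
    "access-list 113 permit tcp 10.42.232.0 0.0.248.255 host 10.42.237.23",
    "access-list 113 deny tcp any host 10.42.237.23",
    "access-list 113 permit tcp any any",
]

# Corrected: the local /21 may reach port 2200, nobody else may, and all other traffic passes.
CORRECTED_ACL = [
    "access-list 113 permit tcp 10.42.232.0 0.0.7.255 host 10.42.237.23 eq 2200",
    "access-list 113 deny tcp any host 10.42.237.23 eq 2200",
    "access-list 113 permit ip any any",
]

# Constructed sample traffic; the source addresses are assumed for the example.
SAMPLES = {
    "local host to 2200":   Packet("tcp", "10.42.235.7", "10.42.237.23", 2200),
    "remote host to 2200":  Packet("tcp", "10.42.17.5", "10.42.237.23", 2200),
    "remote host to 22":    Packet("tcp", "10.42.17.5", "10.42.237.23", 22),
    "remote ping to host":  Packet("icmp", "10.42.17.5", "10.42.237.23"),
    "remote DNS elsewhere": Packet("udp", "10.42.17.5", "10.42.233.53", 53),
}


def compare(samples: Dict[str, Packet] = SAMPLES) -> Dict[str, Tuple[str, str]]:
    """Return {name: (draft_verdict, corrected_verdict)} for each sample packet."""
    return {name: (evaluate(DRAFT_ACL, p), evaluate(CORRECTED_ACL, p))
            for name, p in samples.items()}


if __name__ == "__main__":
    for name, (draft, fixed) in compare().items():
        print(f"{name:22s} draft={draft:6s} corrected={fixed}")
```

Two placement points follow from the thread itself. On an SVI, `ip access-group 113 in` on `interface vlan 237` filters packets entering the router from VLAN 237, i.e. traffic sourced by the server's own VLAN; to stop remote sites reaching 10.42.237.23 the list has to sit where that traffic crosses the router, `out` on the VLAN 237 interface or `in` on the WAN-facing interface. And, as Allen May notes, hosts on the same VLAN as the server never pass through the router at all, which is fine here only because those hosts are meant to be allowed anyway.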