Ok, then just change which interface you're denying and deny all traffic 
from the remote site trying to use port 2200 to connect to your server.

      example topology:
       local site (e0) Router (e1) remote site

      example numbered access-list:
       Router(config)#access-list 113 deny tcp any host 10.42.237.23 eq 2200
       Router(config)#access-list 113 permit ip any any
       Router(config)#int e1
       Router(config-if)#ip access-group 113 in

     example named access-list:
       Router(config)#ip access-list extended MyNetworkACL
       Router(config-ext-nacl)#deny tcp any host 10.42.237.23 eq 2200
       Router(config-ext-nacl)#permit ip any any
       Router(config-ext-nacl)#int e1
       Router(config-if)#ip access-group MyNetworkACL in

HTH,

johnny p.

At 04:52 PM 4/19/2001 -0400, Luke wrote:
>John,
>
>     Actually I have multiple local networks 10.42.232.0 mask 255.255.248.0
>which allows the use of 10.42.232 thru 10.42.239.255 at my local site.  I
>want to allow any local host to connect to the host 10.42.237.23 and deny
>all the remote sites from connecting to this system over port 2200 due to
>the effect it will have on the WAN links.
>
>     Hopefully this clarifies what I need to accomplish.
>
>     Thanks for any help in advance.
>
>
>"John Patton" wrote in message news:[EMAIL PROTECTED]...
> > Assuming that the router is sitting between the host and the service
> > listening to port 2200, your list should look like so:
> >
> >     example topology:
> >      Host (e0) Router (e1) service listening on port 2200
> >
> >     example access-list:
> >      Router(config)#access-list 113 deny tcp host 10.42.237.23 any eq 2200
> >      Router(config)#access-list 113 permit ip any any
> >      Router(config)#int e0
> >      Router(config-if)#ip access-group 113 in
> >
> > This blocks anything from host 10.42.237.23 on port 2200 going into the
> > router on e0.
> >
> > You may also want to consider using named access lists, if your IOS version
> > supports it:
> >      Router(config)#ip access-list extended MyNetworkACL
> >      Router(config-ext-nacl)#deny tcp host 10.42.237.23 any eq 2200
> >      Router(config-ext-nacl)#permit ip any any
> >      Router(config-ext-nacl)#int e0
> >      Router(config-if)#ip access-group MyNetworkACL in
> >
> > Named access lists are a bit easier to manage if you have a lot of
> > configurations in there.
> >
> > HTH,
> >
> > johnny p.
> >
> > At 03:44 PM 4/19/2001 -0400, Allen May wrote:
> > >Unless they're going through the router to get to the server an access-list
> > >won't help you there.  That just filters traffic passing through interfaces.
> > >If it's on the same network you'll have to permit/deny at the server itself.
> > >It's possible with all operating systems.  What kind of server is it?
> > >
> > >----- Original Message -----
> > >From: "Luke"
> > >To:
> > >Sent: Thursday, April 19, 2001 2:19 PM
> > >Subject: Need access list help [7:1274]
> > >
> > >
> > > > Have following internal local networks:
> > > >
> > > >         Local Networks : 10.42.232.0 through 10.42.239.0
> > > >         Have a host at 10.42.237.23 that I want to permit local networks to
> > > > access (TCP port 2200)
> > > >         Want to deny access to host 10.42.237.23 for all others
> > > >         Want to permit all other traffic any any
> > > >
> > > >     In effect I just need to deny access to one host for stated port for
> > > > everyone not on the local network.  What should the access-list look like,
> > > > I'd hate to club my local network.
> > > >
> > > >     My current plan was to
> > > >
> > > >         access-list 113 permit tcp 10.42.232.0 0.0.248.255 host 10.42.237.23
> > > >         access-list 113 deny tcp any host 10.42.237.23
> > > >         access-list 113 permit tcp any any
> > > >         {implicit deny}
> > > >
> > > >         config-int vlan 237
> > > >         ip access-group 113 in
> > > >
> > > >     But I have the sinking feeling I am about to club all other
> > > > protocols.  Can someone straighten me out?
> > > >
> > > >     Thanks in advance.
> > > >
> > > >     Luke
> > > > FAQ, list archives, and subscription info:
> > >http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1300&t=1274
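
The ACL logic discussed in this thread, as an added example that is not part of any of the original posts: a small Python model of IOS first-match evaluation with wildcard masks, applied inbound on the remote-facing interface e1. The two sample source addresses are constructed for illustration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def mask_to_wildcard(mask):
    """Invert a subnet mask to get the wildcard an IOS ACL entry expects."""
    return str(ipaddress.IPv4Address(to_int(mask) ^ 0xFFFFFFFF))

def wildcard_match(addr, base, wildcard):
    """Bits set in the wildcard are 'don't care'; all other bits must be equal."""
    w = to_int(wildcard)
    return (to_int(addr) | w) == (to_int(base) | w)

ANY = ("0.0.0.0", "255.255.255.255")

# ACL 113 from the reply: (action, protocol, source, destination, dest port)
ACL_113 = [
    ("deny", "tcp", ANY, ("10.42.237.23", "0.0.0.0"), 2200),
    ("permit", "ip", ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, p, s, d, port in acl:
        if p not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return "deny"

def forward(bindings, in_iface, proto, src, dst, dport=None):
    """Apply the inbound ACL bound to the arrival interface, if there is one."""
    acl = bindings.get(in_iface)
    return "permit" if acl is None else evaluate(acl, proto, src, dst, dport)

BINDINGS = {"e1": ACL_113}   # ip access-group 113 in, on the remote-facing side
REMOTE = "172.16.9.40"       # constructed remote-site address
LOCAL = "10.42.233.5"        # constructed host inside 10.42.232.0/21

if __name__ == "__main__":
    print(forward(BINDINGS, "e1", "tcp", REMOTE, "10.42.237.23", 2200))
    print(forward(BINDINGS, "e1", "tcp", REMOTE, "10.42.237.23", 80))
    print(forward(BINDINGS, "e0", "tcp", LOCAL, "10.42.237.23", 2200))
```

Local hosts arrive on e0, which has no ACL bound, so they reach port 2200 without a separate permit entry; only traffic entering on e1 is tested against the deny.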