nothing like a good solid answer...

Ken,

Cisco uses what is called an access-list (commonly referred to as an ACL) to
allow/disallow traffic.

I'll give you a scenario and you can apply it to your situation and then
you can tell me if it worked for you.

network 10.1.1.0 netmask 255.255.255.0
default route out is 10.1.1.1 (1600)

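conf t
! 10.1.1.0/24 as the source: the wildcard (inverted) mask is 0.0.0.255
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq 80
int e0
! packets from LAN hosts enter the router on e0, so filter inbound here
ip access-group 101 in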


In this example, web traffic is allowed out and there is always an implicit
deny at the end of each ACL. So remember to do this for DNS/FTP/etc....

Also, the netmask, as you can see, is inverted. (This is a must.)

If you wanted to do the same thing on the incoming WAN port, then it would
look similar to this: (this allows all internet traffic in rather than from
a specific host or network using the key word "any") And 201.201.201.201 is
a made-up host; I am assuming it is static NAT'd to an inside address

conf t
! "host" already implies a 0.0.0.0 wildcard; 102 keeps this list separate from ACL 101
access-list 102 permit tcp any host 201.201.201.201 eq 80

int s0
ip access-group 102 in
^z
wr m

Just remember, these ACLs are quite generic...and are in no way always the
best way to set up a connection to the internet.

For a little bit better understanding without having to log in to Cisco's web
site, go here.

http://www.networkcomputing.com/907/907ws1.html 

-Patrick
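
Added example (not part of the original message, and not Cisco code): a small Python model of how an extended ACL is evaluated, showing the inverted (wildcard) mask, first-match ordering and the implicit deny. It assumes numeric "eq" ports only; the ACL lines, addresses and the mistyped 0.0.0.225 mask are constructed samples.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp|udp SRC DST [eq PORT]'."""
    t = line.split()
    rest = t[4:]
    ace = {"action": t[2], "proto": t[3], "src": parse_addr(rest), "dst": parse_addr(rest)}
    ace["port"] = int(rest[1]) if rest[:1] == ["eq"] else None
    return ace

def addr_match(addr, rule):
    base, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 = don't care, 0 = must match
    return (ip_int(addr) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in acl:
        if (ace["proto"] == proto and addr_match(src, ace["src"])
                and addr_match(dst, ace["dst"])
                and ace["port"] in (None, dport)):
            return ace["action"]
    return "deny"

# Constructed sample ACL: web and DNS out from 10.1.1.0/24, nothing else.
ACL = [parse_ace(l) for l in (
    "access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq 80",
    "access-list 101 permit udp 10.1.1.0 0.0.0.255 any eq 53",
)]
# Same web entry with a mistyped wildcard: 225 = 0b11100001, so host bits
# 1-4 must be zero and most of the /24 silently stops matching.
TYPO = [parse_ace("access-list 101 permit tcp 10.1.1.0 0.0.0.225 any eq 80")]

if __name__ == "__main__":
    for host in ("10.1.1.25", "10.1.1.33"):
        print(host, evaluate(ACL, "tcp", host, "198.51.100.7", 80),
              evaluate(TYPO, "tcp", host, "198.51.100.7", 80))
```

Running a handful of expected flows through a model like this before applying a list to an interface catches mask typos and missing permits that the implicit deny would otherwise turn into an outage.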


>>> "Brian Whalen"  08/23/01 04:25PM >>>
An access list will likely do this for you..

Brian "Sonic" Whalen
Success = Preparation + Opportunity


On Thu, 23 Aug 2001, Ken Owens wrote:

> Hello,
>
> I am administering a Cisco 1600 router.  I need to "open" a specific TCP &
> UDP port number to allow traffic for a specific application.
>
> I have read my documentation for this router pretty thoroughly and do not
> see this mentioned anywhere.  Does anyone have any advice for me on this
> topic?
>
> Thank you in advance!
>
> Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17057&t=17047