That would work, although you don't need the "deny ip any any" as there is always an implied "deny all" at the end of the access list.
However, to protect yourself from unwanted traffic/attacks, you can changed your access list to only allow traffic incoming on port 21 (eq ftp): access-list 110 permit tcp any host 192.3.10.10 eq ftp That should do it for ya......... Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24672&t=24525 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
