In this Example will open ports for need to use out of using will close it alls.
This case no have inside (internal) server.
Step for setting Up :
Router#conf t
Router(config)#access-list 100 permit tcp any any range 20 23
Router(config)#access-list 100 permit tcp any any eq 25
Router(config)#access-list 100 permit tcp any any eq 53
Router(config)#access-list 100 permit tcp any any eq 80
Router(config)#access-list 100 permit tcp any any eq 110
Router(config)#access-list 100 permit tcp any any eq 143
Router(config)#access-list 100 permit tcp any any eq 443
Router(config)#access-list 100 permit udp any any eq 53
Router(config)#access-list 100 permit udp any any eq 161
Router(config)#access-list 100 permit tcp any any eq 3306
Router(config)#access-list 100 permit icmp any any echo
Router(config)#access-list 100 deny ip any any
Router(config)#int f0
Router(config-if)#ip access-group 100 in
This case : have inside (internal server)
Server IP for this case as below :
Web Server : 202.129.49.194
FTP Server : 202.129.49.195
DNS Server : 202.129.49.196
Mail Server : 202.129.49.197
Step for Setting Up :
Router#conf t
Router(config)#access-list 100 permit tcp any any range 20 23
Router(config)#access-list 100 permit tcp any any eq 25
Router(config)#access-list 100 permit tcp any any eq 53
Router(config)#access-list 100 permit tcp any any eq 80
Router(config)#access-list 100 permit tcp any any eq 110
Router(config)#access-list 100 permit tcp any any eq 143
Router(config)#access-list 100 permit tcp any any eq 443
Router(config)#access-list 100 permit udp any any eq 53
Router(config)#access-list 100 permit udp any any eq 161
Router(config)#access-list 100 permit tcp any any eq 3306
Router(config)#access-list 100 permit icmp any any echo
Router(config)#access-list 100 permit tcp host 202.129.49.194 eq 80 any
Router(config)#access-list 100 permit tcp host 202.129.49.195 any < For FTP Server >
Router(config)#access-list 100 permit tcp host 202.129.49.196 eq 53 any < For DNS Server : tcp>
Router(config)#access-list 100 permit udp host 202.129.49.196 eq 53 any < For DNS Server : udp >
Router(config)#access-list 100 permit tcp host 202.129.49.197 eq 25 any < For SMTP>
Router(config)#access-list 100 permit tcp host 202.129.49.197 eq 110 any < For pop3>
Router(config)#access-list 100 permit tcp host 202.129.49.197 eq 143 any < For imap>
Router(config)#access-list 100 deny ip any any
Router(config)#int f0
Router(config-if)#ip access-group 100 in
Hope this topic will help you fixed out about setting up access list on cisco router
Comments
Post a Comment