Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 205
  • Last Modified:

Access List

Hi,

I have a customer running public IP on the 2 interfaces (eth & Serial). Now he wants to implement the access list on the router which only allows 1 IP to access the router from internal LAN and none from the outside.

I am just wondering should i apply the access list in the serial also ?

Please give me saome examples.

Thanks.
0
carollow
Asked:
carollow
1 Solution
 
st_steveCommented:
If you apply the access list to the serial interface as well, you will block off  all access to the router from outside, wouldn't you? I mean is that what you want? You're blocking outside access to Ethernet interface, which is fine. But I don't think you should apply the access lists to the serial interface, or there will be no outside communications then, unless you have another interface set up.

Maybe I'm reading the question wrong.
0
 
ajvelCommented:
hi carallow,

It is very much possible. Pls try the below example.

To be Applied to Serial Interface
access-list 101 deny tcp 0.0.0.0 0.0.0.0 host {Serial Interface IP} eq telnet
access-list 101 permit any any

interface serialX
 ip access-group 101 in



To be Applied to Ethernet Inetface

access-list 102 permit tcp host {Monitoring Systems IP} host {Ethernet Interface IP} eq telnet
access-list 102 deny tcp 0.0.0.0 0.0.0.0 host {Ethernet Interface IP} eq telnet
access-list 102 permit any any

interface ethernetx
 ip access-group 102 in

Thanks
ajvel
0
 
carollowAuthor Commented:
ajvel,

the access list is not successful on the serial interface, i can still telnet the router from the internet.

carol
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now