poopsi
asked on
Cisco router 7000: how to block certain services to a single IP
Hi,
I am using a Cisco 7000 series router. I have a user in my network who utilises one of my IPs. I want to block all the services (like HTTP, VPN, etc.) except FTP. I want him to use FTP only. How do I configure my router for the same to happen?
Poopsi
You _might_ also need (before the deny statement)
access-list 101 permit tcp host <ipaddress> any eq ftp-data
G'day, poopsi
There have not been any comments from you on this question in 7 days.
Do you still need assistance, need more information, or have you solved your problem?
Can you close out this question?
Ways to close your questions:
http://www.apollois.com/EE/Help/Closing_Questions.htm
ASKER
Hi Irmoore,
I have implemented it in the network. I hope this will work. Thanks a lot for your help, and I am sorry for the delay.
Have you been able to test this solution?
ASKER
The solution is working. The user is getting connected, but he is unable to view the folders from the FTP server.
ASKER
Yes, I added the ftp-data also. But it's the same problem. The user is able to connect to the server, but he is getting this message: "could not open directory listings". We changed the FTP software and tried with dos-ftp, but the problem still persists.
Have his software try a passive ftp connection.
ASKER
Yes, it is working... and thanks for the wonderful support.
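! Allow the FTP control channel (TCP port 21) from the user's host
access-list 101 permit tcp host <ipaddress> any eq ftp
! Block all other IP traffic from that host
access-list 101 deny ip host <ipaddress> any
! Leave every other host unaffected
access-list 101 permit ip any any
! Apply the ACL to packets arriving on the interface
interface FastEthernet 0/1
 ip access-group 101 in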
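
Added illustration, not code from any poster in this thread: a small Python model that applies first-match evaluation to ACL 101 as posted, with and without the ftp-data entry, for packets arriving inbound on the interface. The addresses 192.0.2.10 and 192.0.2.20 and the sample flows are constructed stand-ins.

```python
# Added example: first-match evaluation of ACL 101 as posted in the thread.
USER = "192.0.2.10"   # constructed stand-in for <ipaddress>
OTHER = "192.0.2.20"  # constructed: some other host on the network
PORTS = {"ftp": 21, "ftp-data": 20}  # IOS port keywords used in the thread

def acl_101(with_ftp_data):
    """Return the thread's ACL text, optionally with the ftp-data entry."""
    lines = [f"access-list 101 permit tcp host {USER} any eq ftp"]
    if with_ftp_data:  # the entry suggested "before the deny statement"
        lines.append(f"access-list 101 permit tcp host {USER} any eq ftp-data")
    lines.append(f"access-list 101 deny ip host {USER} any")
    lines.append("access-list 101 permit ip any any")
    return lines

def parse(line):
    """Parse only the extended-ACL forms that appear in the thread."""
    tok = line.split()[2:]                 # drop "access-list 101"
    action, proto, rest = tok[0], tok[1], tok[2:]
    if rest[0] == "host":
        src, rest = rest[1], rest[2:]
    else:                                  # source "any"
        src, rest = None, rest[1:]
    rest = rest[1:]                        # destination is always "any" here
    dport = PORTS[rest[1]] if rest and rest[0] == "eq" else None
    return action, proto, src, dport

def evaluate(acl, proto, src, dport):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, r_proto, r_src, r_dport in map(parse, acl):
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dport in (None, dport)):
            return action
    return "deny"

# Constructed inbound packets: (label, protocol, source, destination port)
FLOWS = [
    ("FTP control", "tcp", USER, 21),
    ("active-mode data (client to server port 20)", "tcp", USER, 20),
    ("passive-mode data (ephemeral server port)", "tcp", USER, 50000),
    ("HTTP", "tcp", USER, 80),
    ("HTTP from another host", "tcp", OTHER, 80),
]

if __name__ == "__main__":
    for with_data in (False, True):
        print(f"--- ftp-data entry present: {with_data}")
        for label, proto, src, dport in FLOWS:
            print(f"{evaluate(acl_101(with_data), proto, src, dport):6} {label}")
```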