Solved

Create Cisco ACL to block incoming RDP & SNMP.

Posted on 2006-03-24
Last Modified: 2008-01-16
We just recently added a new clinic/site to our practice, but I have little or no say in their infrastructure (they have separate IT staff). I've caught them a couple of times running snmp scans and trying to rdp into our servers. I want to set up our ACL to block snmp and rdp inbound from them. Details below:

Cisco 2851

My Network (10.0.1.0) <-> Clinic Router(12.12.12.34) <-> Clinic Network (192.239.x.x)

interface Serial0/0/0
 ip address 10.128.64.34 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 ip address 12.12.12.34 255.255.255.0
 ip nat inside
!
ip nat pool Clinic 10.1.48.10 10.1.48.254 netmask 255.255.255.0
ip nat inside source list 110 pool Clinic
!
access-list 110 permit ip 12.12.12.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 110 permit icmp 12.12.12.0 0.0.0.255 10.0.1.0 0.0.0.255


Thanks for the help!

James
Question by:deathandgravity
3 Comments
LVL 6

Accepted Solution

by:
campbelc earned 1000 total points
ID: 16283700
! source is the clinic and destination is your network, so the deny matches sessions coming in from them
access-list 101 deny tcp clinics_network clinics_subnet_mask your_network your_subnet_mask eq 3389
access-list 101 deny udp clinics_network clinics_subnet_mask your_network your_subnet_mask eq 161
access-list 101 permit ip any any

Try this.

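A complete version of the filter the question asks for and the accepted solution sketches, as an added example that is not part of the thread. It uses the addresses from the question (10.0.1.0/24 on James's side, 12.12.12.0/24 and 192.239.0.0/16 on the clinic side) and, since campbelc's follow-up asks which of the two clinic ranges shows up in the logs, denies both. The ACL name BLOCK-CLINIC and the choice of FastEthernet0/1 as the interface where clinic traffic enters are assumptions.

```cisco
! Added example, not from the original thread.
! Drop RDP (TCP/3389) and SNMP (UDP/161) arriving from the clinic and
! addressed to 10.0.1.0/24; everything else is still permitted.
! BLOCK-CLINIC and the FastEthernet0/1 placement are assumptions.
!
ip access-list extended BLOCK-CLINIC
 remark --- clinic traffic as it appears at this router: the 12.12.12.0/24 range
 deny   tcp 12.12.12.0 0.0.0.255 10.0.1.0 0.0.0.255 eq 3389 log
 deny   udp 12.12.12.0 0.0.0.255 10.0.1.0 0.0.0.255 eq 161 log
 remark --- and the clinic LAN itself, in case it is routed rather than translated
 deny   tcp 192.239.0.0 0.0.255.255 10.0.1.0 0.0.0.255 eq 3389 log
 deny   udp 192.239.0.0 0.0.255.255 10.0.1.0 0.0.0.255 eq 161 log
 remark --- an explicit permit is required: without it the implicit deny drops all clinic traffic
 permit ip any any
!
interface FastEthernet0/1
 ip access-group BLOCK-CLINIC in
!
end
```

Two points worth checking after applying it. First, the existing access-list 110 is only the match list for `ip nat inside source`; adding deny entries there would exclude traffic from translation, not filter it, so the blocking ACL has to be a separate list applied with `ip access-group ... in` on the interface where the clinic's packets arrive. Second, the `log` keyword on the deny entries makes each match show up as a `%SEC-6-IPACCESSLOGP` line in `show logging`, and `show access-lists BLOCK-CLINIC` reports per-entry hit counts, so a few minutes after the change you can confirm both that scans are being dropped and which clinic source range they actually use, which answers campbelc's question without waiting for the next incident.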
 
LVL 6

Expert Comment

by:campbelc
ID: 16283716
Actually, in your logs do you see them coming from the 192.x.x.x address or the 12.x.x.x address?
 
LVL 1

Author Comment

by:deathandgravity
ID: 16284394
Thanks!