ACL brought down network

I just applied an ACL to an interface and it brought down my entire network.

I am trying to block RDP from inside my network to a server also inside my network. So I did...

access-list 113 deny   tcp 10.0.0.0 0.255.255.255 host 10.127.10.7 eq 3389
access-list 113 deny   udp 10.0.0.0 0.255.255.255 host 10.127.10.7 eq 3389

Applied it to the VLAN:

IP access-group 113 in

and boom....no more network.

Thoughts?
LVL 1
AHECAsked:
Who is Participating?
 
SouljaConnect With a Mentor Commented:
add

permit ip any any to the bottom of the acl.
0
 
Garry GlendownConnect With a Mentor Consulting and Network/Security SpecialistCommented:
Soulja already gave you the fix ...

Generally, Cisco access lists imply a "deny any any" on an access list as soon as a single line is present ...  this can bite you quickly if you try to recreate an access list without removing it from the interfaces first ...
0
 
AHECAuthor Commented:
Thanks guys...stupid mistake.

won't forget that one.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.