Solved

block an ip for destination port cisco

Posted on 2013-05-09
Last Modified: 2013-05-10
How should we block an internal IP address from connecting to a specific remote port?
For example, our IP address is xx.xx.xx.xx and I want to drop its port 22 calls going out of our network. How should I do it?
Question by:3XLcom
 
LVL 11

Expert Comment

by:naderz
ID: 39154039
This would be one way:

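! Apply ACL 120 inbound on the interface facing the host
interface ethernet 0/0
 ip access-group 120 in

! Deny TCP and UDP port 22 from the host and log matches; permit all other TCP and UDP.
! Anything else (for example ICMP) falls to the implicit deny at the end of the ACL.
access-list 120 deny tcp host xx.xx.xx.xx any eq 22 log
access-list 120 deny udp host xx.xx.xx.xx any eq 22 log
access-list 120 permit tcp any any
access-list 120 permit udp any any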
 

Author Comment

by:3XLcom
ID: 39154045
Does this work on outputs? I am not asking for input calls.
 
LVL 11

Expert Comment

by:naderz
ID: 39154080
In to the interface is out from the PC.
 

Author Comment

by:3XLcom
ID: 39154857
Hmm, I see. So I won't put it on the uplink port; I will put the rules on the switch port of the PC? Because on the uplink it is in the out direction.
 
LVL 11

Accepted Solution

by:
naderz earned 500 total points
ID: 39156159
Yes. Best practice is to apply this type of policy closest to the source. The concept being you don't want the "unwanted" traffic to travel through the network any more than necessary.
 

Author Closing Comment

by:3XLcom
ID: 39156171
Thank you so much
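
The ACL from the first answer, evaluated in first-match order, as an added example in Python that is not part of the original thread: it shows which constructed packets the entries deny or permit inbound on the host-facing interface, including traffic that matches no entry and falls to the implicit deny. 192.0.2.10 is a constructed stand-in for xx.xx.xx.xx, and `parse_acl` and `evaluate` are hypothetical helpers that handle only the syntax used in that ACL.

```python
import ipaddress

# ACL 120 as posted in the thread; 192.0.2.10 is a constructed stand-in for xx.xx.xx.xx.
ACL_120 = """\
access-list 120 deny tcp host 192.0.2.10 any eq 22 log
access-list 120 deny udp host 192.0.2.10 any eq 22 log
access-list 120 permit tcp any any
access-list 120 permit udp any any
"""

def parse_acl(text):
    """Parse the subset of extended-ACL syntax used above:
    <action> <proto> (host A | any) any [eq PORT] [log]."""
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]          # drop "access-list 120"
        action, proto = tok[0], tok[1]
        i = 2
        if tok[i] == "host":
            src = ipaddress.ip_address(tok[i + 1])
            i += 2
        else:                           # source is "any"
            src = None
            i += 1
        i += 1                          # destination is always "any" here
        port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
        rules.append((action, proto, src, port))
    return rules

def evaluate(rules, proto, src, dport=None):
    """First match wins; a packet matching no entry hits the implicit deny."""
    src = ipaddress.ip_address(src)
    for n, (action, r_proto, r_src, r_port) in enumerate(rules, 1):
        if r_proto not in (proto, "ip"):    # "ip" matches every protocol
            continue
        if r_src is not None and r_src != src:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, f"entry {n}"
    return "deny", "implicit deny"

RULES = parse_acl(ACL_120)

if __name__ == "__main__":
    # Constructed packets, as seen inbound on the interface facing the host.
    for pkt in [("tcp", "192.0.2.10", 22), ("tcp", "192.0.2.10", 443),
                ("tcp", "192.0.2.11", 22), ("icmp", "192.0.2.10", None)]:
        print(pkt, "->", evaluate(RULES, *pkt))
```

Appending `access-list 120 permit ip any any` to the text passed to `parse_acl` shows how the ICMP result changes when non-TCP/UDP traffic is permitted explicitly.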
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question