3XLcom
asked on
block an ip for destination port cisco
How should we block an internal ip address to connect to a specific remote port.
for ex our ip address is xx.xx.xx.xx and i want to drop its 22 port calls to out of our network how should i do it ?
for ex our ip address is xx.xx.xx.xx and i want to drop its 22 port calls to out of our network how should i do it ?
ASKER
is this work on outputs ? I am not asking for input calls ?
in to the interface is out from the PC
ASKER
hmm i see so i wont put it to uplink port i will put rules to switch port of pc ? because on uplink it is on out direction
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you so much
interface ethernet 0/0
ip access-group 120 in
access-list 120 deny tcp host xx.xx.xx.xx any eq 22 log
access-list 120 deny udp host xx.xx.xx.xx any eq 22 log
access-list 120 permit tcp any any
access-list 120 permit udp any any