3XLcom

block an ip for destination port cisco

How should we block an internal IP address from connecting to a specific remote port?
For example, our IP address is xx.xx.xx.xx and I want to drop its port 22 calls going out of our network. How should I do it?
naderz

This would be one way:

interface ethernet 0/0
 ip access-group 120 in

access-list 120 deny tcp host xx.xx.xx.xx any eq 22 log
access-list 120 deny udp host xx.xx.xx.xx any eq 22 log
access-list 120 permit tcp any any
access-list 120 permit udp any any
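
Added example, not part of naderz's answer: a small Python model of how access list 120 is evaluated top-down, first match wins, when applied inbound on the PC-facing interface. The address 192.0.2.10 and all packets are constructed stand-ins for xx.xx.xx.xx; traffic that is neither TCP nor UDP (ICMP, for instance) matches no entry and falls through to the implicit deny at the end of the list.

```python
import ipaddress

# ACL 120 as posted above. 192.0.2.10 is a constructed stand-in for the
# masked host xx.xx.xx.xx; all packets below are constructed samples.
ACL_120 = """\
access-list 120 deny tcp host 192.0.2.10 any eq 22 log
access-list 120 deny udp host 192.0.2.10 any eq 22 log
access-list 120 permit tcp any any
access-list 120 permit udp any any"""

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' -> (base, wildcard)."""
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(t), to_int(tokens.pop(0))

def parse(acl_text):
    rules = []
    for line in acl_text.splitlines():
        t = line.split()[2:]                       # drop "access-list <number>"
        action, proto = t.pop(0), t.pop(0)
        src, dst = addr(t), addr(t)                # source spec, then destination
        dport = int(t[1]) if t[:1] == ["eq"] else None   # destination port only
        rules.append((action, proto, src, dst, dport, line))
    return rules

def hit(ip, spec):
    base, wildcard = spec                          # wildcard bits are "don't care"
    return ((to_int(ip) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; no match means the implicit deny."""
    for action, rproto, rsrc, rdst, rport, line in rules:
        if (rproto in ("ip", proto) and hit(src, rsrc) and hit(dst, rdst)
                and rport in (None, dport)):
            return action, line
    return "deny", "(implicit deny any)"

if __name__ == "__main__":
    rules = parse(ACL_120)
    for pkt in [("tcp", "192.0.2.10", "203.0.113.5", 22),
                ("tcp", "192.0.2.10", "203.0.113.5", 443),
                ("tcp", "192.0.2.11", "203.0.113.5", 22),
                ("icmp", "192.0.2.10", "203.0.113.5", None)]:
        print(pkt, "->", evaluate(rules, *pkt))
```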
3XLcom

ASKER

Does this work on outputs? I am not asking for input calls.
In to the interface is out from the PC.

ASKER

Hmm, I see, so I won't put it on the uplink port; I will put the rules on the switch port of the PC? Because on the uplink it is in the out direction.
ASKER CERTIFIED SOLUTION
naderz

ASKER

Thank you so much