block an ip for destination port cisco

How should we block an internal IP address from connecting to a specific remote port?
For example, our IP address is xx.xx.xx.xx and I want to drop its port 22 calls going out of our network. How should I do it?
3XLcom Asked:
 
naderz Commented:
Yes. Best practice is to apply this type of policy closest to the source. The concept being you don't want the "unwanted" traffic to travel through the network any more than necessary.
0
 
naderz Commented:
This would be one way:

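! Apply the ACL inbound on the interface facing the PC
interface ethernet 0/0
 ip access-group 120 in

! Drop port 22 traffic from the host and log each match
access-list 120 deny tcp host xx.xx.xx.xx any eq 22 log
access-list 120 deny udp host xx.xx.xx.xx any eq 22 log
! Permit everything else; "permit ip" also covers ICMP and other
! protocols that the implicit deny at the end would otherwise drop
access-list 120 permit ip any any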
0
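
A first-match evaluator for the ACL in the answer above, as an added example that is not part of the original thread: it runs constructed packets through the list with two possible endings (the `permit tcp` / `permit udp` pair, and a single `permit ip any any`) to show that only the host's port 22 traffic is dropped and what the implicit deny at the end of the list does to other protocols such as ICMP. The addresses 10.0.0.25 and 203.0.113.5 and all function names are assumptions made for the example.

```python
import ipaddress

HOST = "10.0.0.25"  # constructed stand-in for xx.xx.xx.xx

DENY_SSH = [
    f"access-list 120 deny tcp host {HOST} any eq 22 log",
    f"access-list 120 deny udp host {HOST} any eq 22 log",
]
# Two possible endings for the list (both are valid IOS syntax).
ACL_TCP_UDP = DENY_SSH + ["access-list 120 permit tcp any any",
                          "access-list 120 permit udp any any"]
ACL_PERMIT_IP = DENY_SSH + ["access-list 120 permit ip any any"]


def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    raise ValueError(f"unsupported address spec: {tokens[0]}")


def parse_ace(line):
    """Parse the ACE subset used here: action, protocol, src, dst, optional 'eq PORT'."""
    tokens = line.split()
    action, proto = tokens[2], tokens[3]
    src, rest = _addr(tokens[4:])
    dst, rest = _addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None  # 'eq' here is the destination port
    return action, proto, src, dst, port


def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto not in ("ip", proto):
            continue
        if ipaddress.ip_address(src) not in a_src or ipaddress.ip_address(dst) not in a_dst:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # no entry matched: implicit "deny ip any any"


if __name__ == "__main__":
    remote = "203.0.113.5"  # constructed remote address
    for name, acl in (("tcp/udp ending", ACL_TCP_UDP), ("permit ip ending", ACL_PERMIT_IP)):
        print(name, evaluate(acl, "tcp", HOST, remote, 22), evaluate(acl, "icmp", HOST, remote))
```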
 
3XLcom Author Commented:
Does this work on outputs? I am not asking for input calls.
0
 
naderz Commented:
In to the interface is out from the PC.
0
 
3XLcom Author Commented:
Hmm, I see. So I won't put it on the uplink port; I will put the rules on the switch port of the PC? Because on the uplink it is in the out direction.
0
 
3XLcom Author Commented:
Thank you so much
0
Question has a verified solution.
