Solved

block an ip for destination port cisco

Posted on 2013-05-09
6
354 Views
Last Modified: 2013-05-10
How should we block an internal ip address to connect to a specific remote port.
for ex our ip address is xx.xx.xx.xx and i want to drop its 22 port calls to out of our network how should i do it ?
0
Comment
Question by:3XLcom
  • 3
  • 3
6 Comments
 
LVL 11

Expert Comment

by:naderz
ID: 39154039
This would be one way:

interface ethernet 0/0
 ip access-group 120 in

access-list 120 deny tcp host xx.xx.xx.xx any eq 22 log
access-list 120 deny udp host xx.xx.xx.xx any eq 22 log
access-list 120 permit tcp any any
access-list 120 permit udp any any
0
 

Author Comment

by:3XLcom
ID: 39154045
is this work on outputs ? I am not asking for input calls ?
0
 
LVL 11

Expert Comment

by:naderz
ID: 39154080
in to the interface is out from the PC
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:3XLcom
ID: 39154857
hmm i see so i wont put it to uplink port i will put rules to switch port of pc ? because on uplink it is on out direction
0
 
LVL 11

Accepted Solution

by:
naderz earned 500 total points
ID: 39156159
Yes. Best practice is to apply this type of policy closest to the source. The concept being you don't want the "unwanted" traffic to travel through the network any more than necessary.
0
 

Author Closing Comment

by:3XLcom
ID: 39156171
Thank you so much
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question