Solved

block an ip for destination port cisco

Posted on 2013-05-09
6
352 Views
Last Modified: 2013-05-10
How should we block an internal ip address to connect to a specific remote port.
for ex our ip address is xx.xx.xx.xx and i want to drop its 22 port calls to out of our network how should i do it ?
0
Comment
Question by:3XLcom
  • 3
  • 3
6 Comments
 
LVL 11

Expert Comment

by:naderz
ID: 39154039
This would be one way:

interface ethernet 0/0
 ip access-group 120 in

access-list 120 deny tcp host xx.xx.xx.xx any eq 22 log
access-list 120 deny udp host xx.xx.xx.xx any eq 22 log
access-list 120 permit tcp any any
access-list 120 permit udp any any
0
 

Author Comment

by:3XLcom
ID: 39154045
is this work on outputs ? I am not asking for input calls ?
0
 
LVL 11

Expert Comment

by:naderz
ID: 39154080
in to the interface is out from the PC
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:3XLcom
ID: 39154857
hmm i see so i wont put it to uplink port i will put rules to switch port of pc ? because on uplink it is on out direction
0
 
LVL 11

Accepted Solution

by:
naderz earned 500 total points
ID: 39156159
Yes. Best practice is to apply this type of policy closest to the source. The concept being you don't want the "unwanted" traffic to travel through the network any more than necessary.
0
 

Author Closing Comment

by:3XLcom
ID: 39156171
Thank you so much
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Route Summarization 2 32
Eigrp Router 5 46
NSD FAIL 2 21
Sonicwall routing between VPNs 5 25
Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now