hey,
I'm really new to Cisco and I've got a little question.
I'm trying to deny all inbound traffic and permit only a few specific IPs,
for example 212.13.19.21, 212.13.22.97, 78.88.14.69,
and also a range of IPs, 192.168.1.10-55.
What's a good way of doing it?
Do I have to access-list these IPs and then have a deny command?
Can you please write me the commands? I must have done something wrong.
Generally the rule of thumb is to deny what you want to deny first then place your permit statements afterward. I like named access-lists myself because if you want to make a change to it you don't have to remove the whole access-list to remove one line.
for example:
ip access-list extended "NAME" (you can make any name you want...without the quotation marks).
Say I want to deny a specific address to your WAN IP. The following statement would deny only 10.10.10.10 to 2.2.2.2.
deny ip 10.10.10.10 0.0.0.0 2.2.2.2 0.0.0.0
permit ip/tcp/udp (whatever protocol you specify, ip allows anything udp or tcp) source address or subnet destination address or subnet "eq port number" (eq specifies a port which is in the udp or tcp range)
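To make the named-ACL approach concrete for the original question (three single hosts plus the 192.168.1.10-55 range, everything else dropped inbound), here is an added helper script that is not from the thread or from Cisco. It assumes the ACL name INBOUND_ALLOWLIST and the interface GigabitEthernet0/0, both placeholders. The part the thread does not show is that 192.168.1.10-55 is not a single wildcard mask: it has to be split into aligned blocks, which the script does by converting CIDR summaries into IOS wildcard masks (the bitwise inverse of the netmask). It also includes a small top-down matcher so you can check which addresses the generated list would permit before pasting it into a router.

```python
import ipaddress

def range_to_wildcards(first, last):
    """Decompose an inclusive IPv4 range into (network, wildcard) pairs.

    IOS wildcard masks can only express aligned power-of-two blocks, so a range
    such as 192.168.1.10-55 needs several entries. The standard library gives us
    the CIDR summaries; the hostmask of each block is exactly the IOS wildcard.
    """
    entries = []
    start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    for net in ipaddress.summarize_address_range(start, end):
        entries.append((str(net.network_address), str(net.hostmask)))
    return entries

def build_inbound_acl(name, hosts, ranges):
    """Return the lines of a named extended ACL that permits only the given
    sources and then explicitly denies (and logs) everything else.

    'host X' is IOS shorthand for 'X 0.0.0.0'. The closing deny is redundant with
    the implicit deny at the end of every ACL, but adding 'log' gives you a record
    of what is being dropped, which is useful when debugging a lockout.
    """
    lines = [f"ip access-list extended {name}"]
    for h in hosts:
        lines.append(f" permit ip host {h} any")
    for first, last in ranges:
        for net, wc in range_to_wildcards(first, last):
            lines.append(f" permit ip {net} {wc} any")
    lines.append(" deny ip any any log")
    return lines

def apply_to_interface(name, interface):
    """Lines that bind the ACL to an interface in the inbound direction."""
    return [f"interface {interface}", f" ip access-group {name} in"]

def acl_permits(acl_lines, src):
    """Evaluate the ACL top-down the way IOS does: first matching entry wins,
    and falling off the end means the implicit deny.

    Only the source field is evaluated, which is enough for the lists built by
    build_inbound_acl (every destination there is 'any').
    """
    s = int(ipaddress.IPv4Address(src))
    for line in acl_lines[1:]:
        parts = line.split()
        action, field = parts[0], parts[2]
        if field == "host":
            addr, wc = parts[3], "0.0.0.0"
        elif field == "any":
            addr, wc = "0.0.0.0", "255.255.255.255"
        else:
            addr, wc = parts[2], parts[3]
        a = int(ipaddress.IPv4Address(addr))
        w = int(ipaddress.IPv4Address(wc))
        care = ~w & 0xFFFFFFFF          # bits the wildcard says must match
        if (s & care) == (a & care):
            return action == "permit"
    return False  # implicit deny

if __name__ == "__main__":
    # Constructed inputs taken from the question; ACL and interface names are placeholders.
    acl = build_inbound_acl(
        "INBOUND_ALLOWLIST",
        ["212.13.19.21", "212.13.22.97", "78.88.14.69"],
        [("192.168.1.10", "192.168.1.55")],
    )
    for line in acl + apply_to_interface("INBOUND_ALLOWLIST", "GigabitEthernet0/0"):
        print(line)
    for probe in ("212.13.19.21", "192.168.1.55", "192.168.1.56", "8.8.8.8"):
        print(probe, "permit" if acl_permits(acl, probe) else "deny")
```

Running it prints the five wildcard entries the range expands to (10-11, 12-15, 16-31, 32-47 and 48-55) followed by the three host permits and the final deny; note that 192.168.1.56 falls outside the last /29 block and is denied, which is the kind of boundary mistake that is easy to make by hand.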