ACL Question

I'm currently trying to set up my network to allow access to my lab from the internet so I can play with it in my downtime while at work.

My network is using the 192.168 address range and I have e0 on my access server (2509) assigned to this range so that I can get to it from inside as well as route ports to it from my cable modem.

I'm trying to set up an ACL on the access server to deny telnet connections back out of the e0 interface to any other computer on the inside network. Specifically, I want to block access to my mail server port 25 via telnet.

Everything I have tried thus far still allows access to the server from the router. Any suggestions?

Sam

So what have you tried? You just need to block TCP port 25! Show us your ACLs!!

Chris.

Routers aren't subject to their own ACLs. Rather, ACLs on interfaces don't affect traffic originated by the router.

If you want to stop ALL connections from the router out to other devices, apply "transport output none" to the VTY lines:

    line vty 0 4
     transport output none

If you only want to deny telnet->host:25 but permit everything else, then:

    access-list 101 deny tcp any host 192.168.1.25 eq 25
    access-list 101 permit ip any any
    line vty 0 4
     access-class 101 out

Nick
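
A defender's check for the two options in Nick's reply, as an added example that is not part of the original thread: it scans a saved running-config for "line vty" blocks that have neither "transport output none" nor an outbound access-class. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
access-list 101 deny tcp any host 192.168.1.25 eq 25
access-list 101 permit ip any any
!
line con 0
line aux 0
 transport input all
line vty 0 2
 access-class 101 out
line vty 3
 transport output none
line vty 4
 password lab
 login
!
end
"""

def audit_vty_outbound(config):
    """Return {vty block header: outbound status} for each 'line vty' block."""
    results = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            # A new line block starts; only vty blocks are tracked.
            current = raw.strip() if raw.startswith("line vty") else None
            if current:
                results[current] = "unrestricted"
            continue
        if current is None:
            continue
        if not raw.startswith(" "):
            current = None  # an unindented line ends the block
            continue
        stmt = raw.strip()
        if stmt == "transport output none":
            results[current] = "blocked"
        else:
            m = re.fullmatch(r"access-class (\S+) out", stmt)
            if m and results[current] != "blocked":
                results[current] = "filtered by ACL " + m.group(1)
    return results

def unrestricted_vtys(config):
    """List vty blocks with no outbound restriction at all."""
    return [n for n, s in audit_vty_outbound(config).items() if s == "unrestricted"]
```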

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.