I need some basic IOS ACL help. We have the following config:
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
!
boot-start-marker
boot-end-marker
!
no logging console
enable password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 1.2.3.4 255.255.255.248
 speed 100
 full-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
!
interface Serial0/0.1 point-to-point
 bandwidth 1536
 ip address 4.5.6.7 255.255.255.252
 ip access-group 120 in
 no cdp enable
 frame-relay interface-dlci 500 IETF
!
interface Serial1/0
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
no ip http server
!
no cdp run
!
line con 0
 exec-timeout 0 0
 password 7 XXXXXXXXXXXXXXXXXXXXXXXXXX
line aux 0
 login
 transport input all
line vty 0 4
 password 7 XXXXXXXXXXXXXXXXXXXXXXXXXX
 login
line vty 5 15
 password 7 XXXXXXXXXXXXXXXXXXXXXXXXXX
 login
!
!
end
The FE interface is a public IP. The device connected to this is a VPN device that also has an IP in the range, let's say 1.2.3.5. I need to pass ALL traffic destined for 1.2.3.5, but I don't want the FE interface on 1.2.3.4 or the serial interface on 4.5.6.7 to be pingable or accessible by telnet. Can someone help me with the ACL for this?
Thanks...
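An ACL matching the requirement above, as an added example that is not part of the original post. It reuses the poster's ACL number 120 and placeholder addresses, and assumes 1.2.3.5 is the only host behind FastEthernet0/0 that needs traffic from the WAN.

```cisco
! Added example, not from the original post.
! ACL 120 is already bound with "ip access-group 120 in" on Serial0/0.1,
! so only the list itself has to be defined.
!
! Extended ACLs are evaluated top-down, first match wins.
access-list 120 remark Drop anything addressed to the router itself
access-list 120 deny   ip any host 1.2.3.4
access-list 120 deny   ip any host 4.5.6.7
access-list 120 remark Pass all traffic to the VPN device
access-list 120 permit ip any host 1.2.3.5
! Everything else hits the implicit "deny ip any any" at the end,
! including other addresses in the /29 and replies to sessions the
! router itself originates out Serial0/0.1.
```

The two explicit deny lines are redundant with the implicit deny but give separate match counters in `show access-lists 120`. Because the list is applied inbound on Serial0/0.1 only, it does not filter hosts on the FastEthernet0/0 segment reaching 1.2.3.4.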