Hi All,
I would like to clarify the rules needed when applying an access-list based on different applications/requirements. Thanks for the assistance.
Say the topology is R6-BB1.
*Requirement*
1) Allow only ftp traffic from BB1.
*Assuming the solution as below*
An extended access-list would be applied *inbound* on the R6 interface facing towards BB1:
ip access-list extended allow_in
*Active FTP*
 10 permit tcp any gt 1023 <inside network - inverse mask> range 20 21
    -- For Active FTP (assuming client is outside and server is inside)
 20 permit tcp any range 20 21 <inside network - inverse mask> gt 1023
    -- For Active FTP (assuming client is inside and server is outside)
*Passive FTP*
 30 permit tcp any gt 1023 <inside network - inverse mask> gt 1023
    -- For Passive FTP (assuming client is outside and server is inside)
Would the above access-list permit both passive and active FTP (including server inside or outside)? Kindly correct me where I am wrong.
*Note:* Ignoring the permit statements required for routing protocol or any other protocol traffic between R6 and BB1 for this question.
Thanks
Regards
Anantha Subramanian Natarajan
Blogs and organic groups at http://www.ccie.net
Received on Fri Aug 21 2009 - 16:42:15 ART
This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:57 ART
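As an added example (not part of the original post), the following Python model replays the three-line ACL above against constructed inbound flows as R6 would see them on the BB1-facing interface: the four FTP cases the poster asks about plus a couple of non-FTP flows. The inside network 10.1.6.0 0.0.0.255 and the host addresses are assumed placeholders for the poster's <inside network - inverse mask>; the model matches only addresses and ports, exactly as a stateless extended ACL without the established keyword does, and ignores TCP flags.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Assumed stand-in for the poster's "<inside network - inverse mask>".
INSIDE_NET = "10.1.6.0"
INSIDE_WILDCARD = "0.0.0.255"


def wildcard_match(addr: str, net: str, wildcard: str) -> bool:
    """Cisco wildcard-mask match: a set bit in the wildcard means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (n & ~w)


def gt(n: int) -> Callable[[int], bool]:
    return lambda p: p > n


def rng(lo: int, hi: int) -> Callable[[int], bool]:
    return lambda p: lo <= p <= hi


@dataclass
class Ace:
    """One 'permit tcp any <src ports> <inside net> <dst ports>' entry."""
    seq: int
    src_port: Callable[[int], bool]
    dst_port: Callable[[int], bool]


@dataclass
class Flow:
    """A single inbound TCP packet as seen on R6's interface towards BB1."""
    name: str
    src: str
    sport: int
    dst: str
    dport: int


# The poster's access-list allow_in, in sequence order.
ALLOW_IN: List[Ace] = [
    Ace(10, gt(1023), rng(20, 21)),   # active FTP, client outside
    Ace(20, rng(20, 21), gt(1023)),   # active FTP, client inside
    Ace(30, gt(1023), gt(1023)),      # passive FTP, client outside
]


def first_match(flow: Flow, acl: List[Ace] = ALLOW_IN) -> Optional[int]:
    """Sequence number of the first permitting ACE, or None for the implicit deny."""
    for ace in acl:
        # Every ACE has source 'any' and destination = the inside network.
        if (wildcard_match(flow.dst, INSIDE_NET, INSIDE_WILDCARD)
                and ace.src_port(flow.sport)
                and ace.dst_port(flow.dport)):
            return ace.seq
    return None


# Constructed sample packets (192.0.2.10 = host on the BB1 side, 10.1.6.x = inside hosts).
SAMPLE_FLOWS: List[Flow] = [
    Flow("active, client outside: control SYN to 21", "192.0.2.10", 40000, "10.1.6.21", 21),
    Flow("active, client outside: client ACK to data port 20", "192.0.2.10", 40001, "10.1.6.21", 20),
    Flow("active, client inside: control reply from 21", "192.0.2.10", 21, "10.1.6.50", 45000),
    Flow("active, client inside: server opens data from 20", "192.0.2.10", 20, "10.1.6.50", 45001),
    Flow("passive, client outside: data SYN to high port", "192.0.2.10", 40002, "10.1.6.21", 50010),
    Flow("passive, client inside: data reply from high port", "192.0.2.10", 50020, "10.1.6.50", 45002),
    Flow("not FTP: inbound SYN to 8080", "192.0.2.10", 52000, "10.1.6.50", 8080),
    Flow("not FTP: inbound SYN to 22", "192.0.2.10", 52000, "10.1.6.50", 22),
    Flow("destination not inside", "192.0.2.10", 40000, "198.51.100.5", 21),
]


def evaluate(flows: List[Flow] = SAMPLE_FLOWS) -> Dict[str, Optional[int]]:
    """Map each flow name to the ACE that permits it (None = dropped)."""
    return {f.name: first_match(f) for f in flows}


if __name__ == "__main__":
    for name, seq in evaluate().items():
        print(f"{'permit ' + str(seq) if seq else 'deny   ':>10}  {name}")
```

Run as written, the model shows all six FTP packets matched by lines 10, 20 or 30 in the expected places, but also that line 30 admits any inbound TCP packet from a high port to a high port on the inside network, whether or not it has anything to do with FTP. That is the practical cost of permitting passive FTP with a stateless ACL; on a real router the client-inside return traffic in lines 20 and 30 is usually narrowed with the established keyword, or replaced by reflexive ACLs or CBAC/ZBF inspection that tracks the FTP control channel.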