Hi, can anyone provide a sample access-list config allowing only certain ports (80, 25, etc.) to be "open" to the public Internet and everything else is denied? I have tried for a while but no luck; this is not making any sense to me. As soon as I implement this, port 80 is blocked b/c I can't browse the internet. Help, thanks a lot.
ACL config:
ip access-list 110 permit tcp any host 65.64.52.x eq 80
ip access-list 110 permit tcp any host 65.64.52.x eq 25
//(implicit deny all)
//65.64.52.x is my external address that is one-to-one NATed to a private address hosting these services.
WAN Interface ACL config:
ip access-group 110 in
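Added example, not part of the original post: a small Python model of how an inbound ACL with an implicit deny treats the reply packets of outbound browsing, and how a trailing `established` entry changes that. The `CLIENT` address, the sample packets and the Cisco IOS form of the extra entry are assumptions made for illustration.

```python
# Added illustration: ACL evaluation with an implicit deny at the end.
from dataclasses import dataclass
from typing import Optional

SERVER = "65.64.52.x"   # placeholder public address, as written in the post
CLIENT = "65.64.52.y"   # hypothetical translated address of an inside client

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset      # TCP flags set on the segment

@dataclass(frozen=True)
class Rule:               # a "permit tcp any <dst> [eq <dport>] [established]" entry
    dst: str = "any"
    dport: Optional[int] = None
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if self.dst != "any" and p.dst != self.dst:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        # IOS "established" matches TCP segments with ACK or RST set.
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True

def evaluate(acl, pkt):
    """All entries are permits: any match permits, no match hits the implicit deny."""
    return "permit" if any(r.matches(pkt) for r in acl) else "deny"

# The ACL from the post, and the same ACL followed by
# "access-list 110 permit tcp any any established" (assumed Cisco IOS syntax).
ORIGINAL = [Rule(dst=SERVER, dport=80), Rule(dst=SERVER, dport=25)]
FIXED = ORIGINAL + [Rule(established=True)]

# Constructed packets arriving inbound on the WAN interface.
INBOUND_HTTP = Packet("198.51.100.7", 40000, SERVER, 80, frozenset({"SYN"}))
WEB_REPLY = Packet("203.0.113.10", 80, CLIENT, 51514, frozenset({"SYN", "ACK"}))
UNSOLICITED = Packet("198.51.100.7", 40001, SERVER, 3389, frozenset({"SYN"}))

if __name__ == "__main__":
    for name, pkt in [("inbound HTTP", INBOUND_HTTP), ("web reply", WEB_REPLY),
                      ("unsolicited SYN", UNSOLICITED)]:
        print(f"{name:16} original={evaluate(ORIGINAL, pkt)} fixed={evaluate(FIXED, pkt)}")
```

The `established` keyword covers TCP only and checks flags rather than connection state, so UDP replies such as DNS need their own entry and stateful inspection is the stricter option.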