Cisco Router Deny List Question

[scm7kag]

Hi,

Bit of a novice when it comes to router configuration, but when I wish to stop a client pc accessing the outside world i use the command:

deny ip host 152.232.x.x any

What command would i use to block a specific client ip address from access the port that msn messenger uses?

And what command would I use to block a client from accessing a specific ip in the outside world?

 

[lgarner]

access-list 101 deny tcp host 152.232.x.x any eq msn_port
access-list 101 deny ip host 152.232.x.x host x.x.x.x

Replace "tcp" with "udp" (or just add another list entry) if necessary. I don't know which protocol msn uses.

Also note that the standard access list which you have will be numbered 1-99. Blocking destinations and ports requires extended acl's numbered 100-199.

 

[Infinity123]

MSN doesnt use a specific port, it like other instant messengers are almost trojan like. It has the ability to use port 80 if none of the other ports are open. If you run a recent version of IOS you can impliment NBAR. Just do a search on cisco on NBAR for configuration docs