Cisco :: Creating An Access Control List?
Apr 6, 2013Creating an Access Control List
View 2 Replies
ADVERTISEMENT
Unable To Set Directory Access Control List
Apr 17, 2012I am copying files form one server to another using Bightserv ARCserve Backup, now the files copy over however the access control list to the files isn't.Does anybody no away around this?
View 3 Replies View RelatedCisco :: Access Control List Practice Site?
Apr 25, 2013I've been working on an application recently that practice ACL configuration, and since finishing I figured it should be put on the internet as there wasnt much more work to do to make it suitable for a website. It allows you to practice both standard and extended ACL configuration by generating a random number of ACL actions for you to configure, and provides the correct config to compare yours against to see if you were correct. It also emulates a router at a very basic level to allow practice when there is no equipment available.
View 9 Replies View RelatedCisco :: Access Control List Not Behaving As Expected
Dec 18, 2011I have an extended acl on my VLAN interface in bound and it is working like I need it to, securing one side of my network from the other allowing only what I want from my desktops to my servers. The acls look something like this:
vlan70 -----> inbound acl (allows 80/443) ---> vlan100
I need vlan100 to have access to something on vlan70 now and I cannot get it to work. My question is would this work?
vlan70 -----> inbound acl (allows 80/443) ---> vlan100
vlan100 <----- outbound acl (allows 9100) <---- vlan70
Traffic is initiated from vlan100 not from vlan70 then back through so an established rule does not work. Also there are many more ports open in my inbound acl but this is simplified for ease of reading.I want to make sure if I place both an inbound and outbound rule on my vlan and that it is in the right place, both on the same vlan.
Cisco :: AS5400 SIP Gateway And Access-list Control?
Feb 3, 2011I have a sip gateway (AS5400) that is used to connect sip providers to our internal voice network.Internal gateway (10.1.1.2 LAN) -- SIP trunk -- AS5400 (10.1.1.3 LAN/ 8.23.23.43 WAN) -- SIP trunk -- Internet SIP Provider We encountered the following problem :A SIP call from internal gateway to the sip provider could establish but was muted on our side (sip provider could hear us)On the WAN interface of the AS5400, there is a ACL that filter traffic IN coming from SIP Provider
interface GigabitEthernet0/0
ip address 8.23.23.43 255.255.255.224
ip access-group 101 in
I log the deny on this ACL and I saw some udp packets denied with LAN addresses !*Mar 3 15:24:44.001: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.1.1.3(0) -> 10.1.1.2 (0), 1 packet I did not bind anything on the sip config.When I changed the ACLs, calls went well.Why do I see LAN packets on the WAN interface ?
Cisco WAN :: Access Control List On 7200 Router?
Dec 12, 2012I am having some issues with creating an ACL for my gateway router.I want to block external access to my network 192.168.1.0/24 from internet so i set up the ACL on the WAN port of my 7200 router asI am using named extened access list -
{
deny ip any 192.168.1.0 0.0.0.255 log
permit ip any any
}
and i applied this inbound accesslist on the WAN port of router as
"ip access-group acl-in in"
Now i have blocked the external traffic to my network 192.168.1.0/24 but the issue i am having is i am also unable to reach outside now. All i want is to block external traffic on the router WAN port but allow internal traffic to outside. Did i miss anything in the access list?
Cisco WAN :: 876-SEC-I-K9 Number Of Access Control List Support
Jul 15, 2012How to find out the upper limit of ACL on CISCO876-SEC-I-K9 router. How to measure performance parameter on the same as BGP is running on this router.
View 1 Replies View RelatedCisco :: WLC 4402 And LWAP 1510 / Access Control List?
Aug 18, 2011We have WLC 4402 and LWAP 1510In access control list menu, all needed rule added and the last rule deny any to any We use Ethernet bridging on LWAP and some clients connect with wire network that associated with Ethernet bridge LWAP, Now when deny rule applied the client that connect with wired network couldn't established VPN connection or another service to the routing and remote server, I create rule that permit any to routing and remote server.
View 1 Replies View RelatedCisco Firewall :: Access-List Traffic Control Attempting To Block RDP 3389
Nov 7, 2012I have an ASA pair configured to replace a router that hosts a collection of IPSec Tunnels. Tunnels appear to work. I am lab'ing some additional controls that I would like to implement. On the Production Router that i plan to replace with the ASA's the current Tunnels are all wide open (all traffic allowed to pass). I was hoping to lock things down a little without having to reconfigure all of the Tunnels. My though was that an ACL on the Inside Interface blocking selected traffic Out (so into the LAN) should not impact the stability of the Tunnels but allow me to restrict some traffic from entering the LAN. One port that I was attempting to block is RDP 3389. When this ACL is applied to the inside interface it does not block Port 3389 at all. What am I missing? Is it that the trffic is being allowed because it is coming through one of my 'open' Tunnels?
Shouldn't IPSec Tunnel traffic be processed by the Inside Interface ACL just like all other traffic?
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 3389
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 135
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 137
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 138
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 139
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 445
access-list 145 deny tcp 192.168.30.0 0.0.0.255 10.187.10.0 0.0.0.255 eq 389
access-list 145 permit ip any any
ip access-group 145 out interface Internal
This work great on a 2821 Router, but not so much on the ASA.
Linksys Wireless Router :: E1200 Parental Control Device List?
Oct 19, 2012I'm trying to limit my kids' access to the internet during the night, since I caught them plugging their laptops and the Xbox into the router's Ethernet ports late at night so they could circumvent the wireless guest access. The problem is, I only have 5 available control slots and the list of devices I browse to choose from is vague at best. Half of the devices listed in parental controls say "Network Device" and the other half say "iPhone" or "iPad". Isn't there an easy way to choose the correct devices to restrict, like by IP or MAC address? And if not, why is this so confusing and difficult? I have a family of 10 in my house and everyone is connecting with their own phn or 3 iPads, 2 laptops, 2 desktop PCs, 1 Xbox and 1 PS3.I tried limiting the DHCP Reservation list, but that seems to only affect the wireless access, not the 4 ethernet port connections.
View 3 Replies View RelatedCisco WAN :: 1720 Router - Commands To Set Access List To Allow Access To Port 551
Nov 29, 2010I am trying to allow telnet to port 551 but i couldn't get it to work.I am using a cisco 1720 router running on IOS 12.2.I am using the below commands to set the access list to allow access to port 551 using remote telnet to the Cisco router.hostname R1!interface ethernet0ip access-group 102 in!access-list 102 permit tcp any any eq 551.After i enter the above command the router will disconnect me and i will not be able to connect to it for awhile. Once the router is up i am still unable to telnet to port 551.
View 14 Replies View RelatedWifi Access Points With User Access Control?
Nov 27, 2012We have a small office and already have a firewall in place that uses content filtering. I am looking for a low cost wireless access point that I can place behind my firewall that will allow me to control access by a username and password list, not just the passkey.
Does this exist without having to go to an Aruba or Ruckus type enterprise WIFI product?
Cisco Firewall :: Creating Access Rules On ASA 5520 Platform
Aug 2, 2011Our company has recently upgraded our firewall from a Borderware Steelgate v7.1 platform to a Cisco ASA 5520 platform. Needless to say the interface on the Cisco platform is much more complex and I don't have much experience working with firewalls. Our other IT guy is out of town and this is the first time I have worked on this setup.
I need to create the following access rule
I need to open port 4**0 to be allowed through the firewall from external ip address 10.XXX.XX.XXX only. Then forward port 4**0 to 10.XX.XX.XX port 80 tcp
Cisco Switches :: SG200-18 - Losing Access On Random Ports When Creating LAG
Aug 3, 2011I just bought a SG200-18 in order to use LAG between a backup server and multiple computers and servers. Servers are supposed to all use 2 links and computers only 1.
As soon as I activate LAG on port 2 and 3, no matter what is connected on the switch I lose access to the switch interface (luckuly, it's still working on port 17 for a strange reason) and all computers / servers connected are randomly losing the network access. Everyrhing start to be slow but most servers and computers don't lose access to the internet. Browsing a web site will suddenly take ages but... it will work eventualy.
I already used LAG on other switch without a single issue.. The only uplink I have is to the router and I know that I don't have any issue with network cables....
So what am I doing wrong ??? I didn't even try to configure the TEAMING on the servers, just creating LAG on the switch will kill everything Oo.. I'm starting to think that my SG200 is dead out of the box.
Cisco Firewall :: 5520 High Memory Usage And Error Creating Access Rules
Feb 13, 2013I'm having a problem with the memory and also trying to create some rules on the CISCO ASA. The version that I got installed was the 8.2.5.33 on a CISCO 5520 with 512 RAM, the memory usage is on 99% used, 1% free and because of that when I'm trying to create a new rule the firewall brings me the next error..So what I did was a downgrade to the version 8.2 (4) 4 and the memory went down a little (82% used, 18% free) but I still got the error when I'm creating an access rule on the device. One thing and I'm not sure if this could affect on the performance are the number of access list and the object groups that are created.
I already open a case with CISCO TAC and they are checking if the problem is with the memory capacity or maybe a memory leak.Also the doubt that I got is with the memory that I got now available should I can create access rules or 82 is still to hig to create a rule or and object group?
Cisco :: Access Control For Static NAT
Jun 15, 2012(1) forward range of ports to a specific IPs using static NAT? for ex, i would like to forward port 5060 and 10000-20000 to a server 192.168.1.22..
(2) how to apply access control to this static NAT ? for ex. i would like to deny specfic IPs from accessing it from public..
====================================================
interface ethernet 0
ip address 192.168.1.1 255.255.255.0
ip nat inside
[code]....
Cisco :: 5508 - MAC Access Control
Nov 29, 2012We are forced to rush a installation of a WLC 5508 various reasons in a testing lab. I eventually want to configure RADIUS and such but cannot do it at this immediate time. What I would like to do is implement straight forward MAC filtering. The problem I am having is the controller allows either any W LAN or only one W LAN, and a interface setting. I need to have each MAC be able to access several W LAN's but not all of them. Can anyone point me to a article or give me a quick idea of what I can do.I have basic W LAN's configured and have MAC filtering generally working. I cannot just use a user authentication because each user may have 20-30 devices, but not all of these devices should be allowed on all W LAN's and I do not want to rely on the user.
View 8 Replies View RelatedCisco AAA/Identity/Nac :: ACS 5.3 For Network Access Control
Feb 16, 2013We recently deployed ACS 5.3 on a VM, while the main purpose of implementation was to control access (authentication/authorization) on network devices; Can we use the same user to authenticate users' access to our wired network? So only users with a valid credentials on our Windows AD can have access to the network?
View 1 Replies View RelatedCisco VPN :: ASA 8.2.x - Control Access To Different Group Policies On VPN?
Mar 22, 2010Using Microsoft IAS as the auth server, how do I get the ASA (v.8.2.1) to take different user groups defined in AD, and control access to different group policies on the VPN? We're setting up the ASA for many different vendors, and need to control access for each vendor with different policy.
For example, Vendor one is in AD group Vendor1 and will only be permitted access to a specific group of defined IPs in our network. Vendor two is in AD group Vendor2 and will only be permitted access to a different group of defined IPs in our network from Vendor1.
Cisco VPN :: How To Control Access To Clientless SSL VPN On ASA 5520
Dec 11, 2011I have setup clientless SSL VPN on my ASA. User authentication is done by RADIUS using ACS 5.2, I have created two portal one for IT department and the other for auditing department but the user in auditing if the select IT group from the drop down list they can login to it, my question is how can I make them login to their group only and prevent them from accessing other groups ?
View 3 Replies View RelatedHow To Setup Access Control For My Children
Mar 22, 2011I have a D-Link DIR-615 and am trying to set up the Access Control so that I can restrict Internet connection from midnight till morning (to keep my teenage kids from staying up half the night on the Internet)I can step through the Access Control set up, but I don't see how I can block only one MAC address or computer from accessing the internet at specific times.
View 14 Replies View RelatedD-Link DIR-615 :: Access Control Blocks Too Much
Oct 24, 2012I have tried to setup access control by setting up a policy that restricts certain MAC addresses during a period during the day from certain websites. I set up the website filter and a schedule and selected them for the policy. Instead of blocking just the websites on the filter list during the time setup in the schedule, it blocks all websites all the time.I made sure that I setup the policy to 'block some access' NOT 'block all access'.The only thing that seems to work is that only the computers with the MAC address selected are effected.
View 3 Replies View RelatedD-Link DIR-655 :: Web Access Control Not Working?
Mar 2, 2010I may be doing it incorrectly, but I'm trying to configure web access rules. I first set up access control and tell it to use the website filter. I've tried configuring it by both MAC address and IP address (separately, not simultaneously), but it still allows the listed sites in the web filter to get through. Is there something else I need to block or am I not doing something correctly? The network is on DHCP reservation, so IP addresses are always the same. MAC addresses, as I mentioned, don't work, either and they are fixed and logged in the router.
View 9 Replies View RelatedD-Link DIR-655 :: Access Control When IP Or MAC Can Be Changed
Dec 31, 2011DIR655 with 1.33NA firmware. I'm trying to determine how to block access to the internet for a specific LAN computer when the user knows how to change a MAC address. I don't want to turn MAC control on and grant only to listed computers - the list doesn't accommodate enough MAC addresses, and the client has wireless and wired since it's a laptop. I also don't want to set static IPs on all of the devices since some cannot accommodate that feature.I'm thinking that reserving an IP address isn't ultimately the solution either, since assigning the IP isn't going to work if the MAC changes. how to use access control under these circumstances?
View 1 Replies View RelatedCisco WAN :: MAC Access-list In 881 And 892 Router
Dec 20, 2011How to implement mac access-list in 881 and 892 router ? As you now that we can get additional switch-port in the same router but I can't see the function in this router. I guess the switch port must function like the catalyst 2960 switch.
View 3 Replies View RelatedCisco WAN :: 3750 - How Big Can Access-list Be
Nov 20, 2011I'm creating an access-list that will contain all networks and host that will be redistribute into EIGRP.Till now, this access-list contains 72 entries but this number can increase anytime.
I'm using a 3750-x layer 3 switch, and I'm wondering how big this access-list can be, regarding CPU and memory utilization and performance.
Cisco WAN :: Access List In 861 Router
Jan 17, 2011we installed a cisco router in a school with two vlans (VLAN 1 & VLAN 2) VLAN 1 is for teachers and Admin and VLAN 2 is for students. We want so that VLAN 2 shouldn't be able to access any device in VLAN 1 but VLAN 1 should be able to access all devices in VLAN 1 & 2
VLAN 1 192.168.11.0/24
VLAN 2 192.168.12.0/24
I am using VLAN interfaces. I know we have to use some access lists but if i apply
access-list 100 permit ip 192.168.10.0 0.0.255 any
access-list 100 deny ip 192.168.12.0 0.0.0.255 192.168.10.0 0.0.0.255
With this access list two subnets can not access each other. How these access list should look likes ?
Cisco :: Access Control Lists And A Bridge Group?
May 13, 2012I've got a Cisco 1841 with 2 FastEthernet ports here. My Cisco isn't great, and I've been given a problem I don't seem to be able to crack.Essentially, I have one network with two sides. I've connected these to fe0/0 and fe0/1 on the router, and put them interfaces into a bridge group which as far as I can tell, essentially makes the router a 2 port switch...I know this won't make a lot of sense from a normal network point of view, but what we need to do is allow all traffic from fe0/0 to fe0/1, but not allow any traffic in the reverse direction. The traffic allowed to flow from fe0/0 to fe0/1 must include broadcast traffic (infact that is the most important traffic, its how the silly theatre application works). None of the traffic is IP addressed.... ie, each of the devices on the network assign themselves an IP address, and then throw broadcast traffic out on to the "dedicated physical network" that exists between them for communication[CODE]
View 2 Replies View RelatedCisco AAA/Identity/Nac :: Method To Control Access To Different WLAN On Same ACS 5.2 And WLC
Aug 6, 2012is there any method to control an access to the different WLAN(PEAP) on the same ACS 5.2 and WLC?That is, there is two AD groups the one have access to domain network only the other group have access to internet only and may be third group that have access to both networks.Currently if i add new authorization policy the user will have access to both networks.
View 1 Replies View RelatedCisco :: 5508 / Control Access To Preauthorized Device?
Jul 15, 2012I have been asked to allow our employees to connect their own devices to a open wireless network. I want to control access to preauthorized devices and I am looking for solutions. We do to have access to any other control devices like an ACS and I would like to archive the result using just the 5508 controller.
View 1 Replies View RelatedCisco Wireless :: Can't Access Control Panel Of WAP4410n
Jan 8, 2011just i purchase cisco access point and I tried to access control panel to setup wireless security but the page i issued not display 192.168.1.245, there is any wayes to connet device web base ??
View 4 Replies View RelatedCisco AAA/Identity/Nac :: ASA 5520 - VPN Access Control Using LDAP
Mar 13, 2011I am configuring an ASA 5520 for VPN access. Authorization & Authentication use an LDAP server. I have the tunneling configured successfully, and I can access internal resources. What I want to do now is to restrict access to a specific AD Group membership. In the absence of that group membership, a user should not be allowed access to the VPN.
My test VPN client software is Cisco Systems VPN Client Version 5.0.05.0290. The group authentication is configured into a Connection Entry that identifies the Tunnel Group. I think I worded that correctly.
The Software Version on the ASA is 8.3(1).
My current challenge is getting the VPN to stop letting every access request through regardless of group membership.
[URL]
The configuration (AAA LDAP, group policy, and tunnel group) is below.
aaa-server LDAP protocol ldapaaa-server LDAP (inside) host x.x.y.12 server-port 636 ldap-base-dn dc=domain,dc=com ldap-scope subtree ldap-naming-attribute sAMAccountName ldap-login-password ******** ldap-login-dn
[Code].....
Cisco Routers :: IPSec Access Control On WRVS4400N?
Oct 7, 2011I have a WRVS4400N, and need to apply access control to an IPSec tunnel that terminates at a client site, but can't seem to make the device comply.
I can configure ACLs on their device for the LAN to restrict packets coming back into my network, and can restrict packets outbound frm my LAN but that is hardly a secure method of doing this in my opinion.