Lo Ching wrote:
>
> Dear All,
>
> I have the network as follows:
>
> LAN1 ---R1--- serial ---- R2--- HQ
>
> I want to allow the LAN1 hosts to access the HQ server and allow
> HQ to remotely configure the R1 router through telnet.

What kind of "server" is it at HQ? In other words, what services does it offer and what ports are open for access to those services?

> I have the following ACL configured in R1. Is it correct?
> Can you help me to check?
>
> access-list 101 permit tcp any any eq 4200
> access-list 101 permit tcp any any eq 80
> access-list 101 permit tcp any any eq 1500

This permits the hosts on your LAN to communicate with any server anywhere running:

4200 VRML Multi User Systems
80 HTTP
1500 VLSI License Manager

The port numbers are from the Internet Assigned Numbers Authority (IANA) list here: http://www.iana.org/assignments/port-numbers

You may be using a different "authority" and maybe the numbers mean something else to you.

If you want it to be specific to one server, don't use that second "any". Instead, put the server's address, preceded by the "host" keyword.

Do your clients have access to a local DNS server? If not, you may want something like this added to the first list:

access-list 101 permit udp any host server-address eq domain

> access-list 102 permit tcp any any gt 1023 established
> access-list 102 permit tcp any any eq telnet

The first line shouldn't be necessary? I'm not sure what you were trying to accomplish with that. Once again, you should be more specific than "any any".

> interface e0
> ip access-group 101 in
>
> interface s0
> ip access-group 102 in

To restrict Telnet access to your router, you have to apply the access-class command to the vty line like this:

line vty 0 4
access-class 102 in
password 7 11070C0E12
login

Priscilla

> Thanks in advance.
>
> rgds,
> LoChing

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66589&t=66584
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
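An R1 configuration that puts the reply's advice together (host keyword instead of the second "any", a DNS permit, and access-class on the vty lines rather than an ACL on s0). This is an added example, not configuration from either poster; the 192.0.2.x addresses are placeholders chosen for the example.

```cisco
! Added example (not from Lo Ching's or Priscilla's post). Assumed addresses:
!   192.0.2.10 = HQ server that LAN1 hosts need to reach (hypothetical)
!   192.0.2.20 = DNS server used by LAN1 clients (hypothetical)
!   192.0.2.50 = HQ management host allowed to telnet to R1 (hypothetical)
!
! List 101, inbound on e0: LAN1 may reach only the HQ server, only on the
! three application ports, instead of "any any".
no access-list 101
access-list 101 permit tcp any host 192.0.2.10 eq 4200
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 permit tcp any host 192.0.2.10 eq 1500
! DNS for the LAN1 clients, as the reply suggests
access-list 101 permit udp any host 192.0.2.20 eq domain
! (the implicit "deny ip any any" ends the list; replies from HQ arrive
!  on s0, which carries no inbound ACL, so they are not affected)
!
! List 102: telnet to R1 itself, only from the HQ management host.
! It is applied with access-class on the vty lines, so it gates logins
! to the router and not transit traffic on s0.
no access-list 102
access-list 102 permit tcp host 192.0.2.50 any eq telnet
!
interface Ethernet0
 ip access-group 101 in
!
interface Serial0
 no ip access-group 102 in
!
line vty 0 4
 access-class 102 in
 ! keep the existing password and login lines from the original post
 login
```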

