Anyone got an ACL for internet access?

blackninja · March 2009

I use the wic-adsl for internet access on my 2610 (IOS 12.3) when I use the lab but I need a acl to stop the unwanted.

Has anyone got one for me to understand what is needed.

Thanks

networker050184 · March 2009

You can start with the Secure IOS Template from Team Cymru.

blackninja · March 2009

networker050184 wrote: »

You can start with the Secure IOS Template from Team Cymru.

Thanks, thats gonna take some reading, then understanding.

tim100 · March 2009

blackninja wrote: »

I use the wic-adsl for internet access on my 2610 (IOS 12.3) when I use the lab but I need a acl to stop the unwanted.

Has anyone got one for me to understand what is needed.

Thanks

If you want to get a quick ACL going configure an outbound ACL with:

ip access-list extended OUTBOUND
permit ip any any reflect REFLECTED

Then configure an inbound ACL with

ip access-list extended INBOUND
evaluate REFLECTED
deny ip any any log

Then apply it to the ADSL interface:

ip access-group INBOUND in
ip access-group OUTBOUND out

blackninja · March 2009

tim100 wrote: »

Then apply it to the ADSL interface:

ip access-group INBOUND in
ip access-group OUTBOUND out

May be a daft question: but do I place them on the ATM interface or the DIALER interface?

blackninja · March 2009

tim100

After applying the ACLs started to get matches and after about 30 seconds got 3 denied.

Much appreiciated

Anyone got an ACL for internet access?

Comments