Great Circle Associates Firewalls
(March 1993)
 


Subject: Help! I need an example set of CISCO ACLs
From: gpsemi @ netcom . com (GEC Plessey)
Date: Thu, 11 Mar 93 12:56:19 -0800
To: Firewalls @ GreatCircle . COM

hello.

        Probably a stupid question... But I lose sleep at night worrying
        about what are the correct/best CISCO ACLs to allow a firewall
        node behind a cisco access to the following internet services.
        Cisco haven't been much help here despite repeated questions.

        ping
        DNS
        telnet 
        archie
        traceroute
        ftp

        Having "tightened" them up recently, I now discover that ftp has 
        stopped working!


!firewall node=A.A.A.A
!Packets going to Local Ethernet Cable
no access-list 101
access-list 101 permit ip   A.A.0.0 0.0.255.255     A.A.0.0 0.0.255.255
access-list 101 permit icmp 0.0.0.0 255.255.255.255 A.A.A.A 0.0.0.0
access-list 101 permit tcp  0.0.0.0 255.255.255.255 A.A.A.A 0.0.0.0 established
access-list 101 permit tcp  0.0.0.0 255.255.255.255 A.A.A.A 0.0.0.0 eq 540
access-list 101 permit udp  0.0.0.0 255.255.255.255 A.A.A.A 0.0.0.0 lt 922
access-list 101 permit udp  0.0.0.0 255.255.255.255 A.A.A.A 0.0.0.0 gt 900
access-list 101 permit udp  0.0.0.0 255.255.255.255 A.A.A.A 0.0.0.0 gt 1023
!
!
!
!Packets going out on X25 line to kent
no access-list 111
access-list 111 permit tcp  A.A.0.0 0.0.255.255 0.0.0.0 255.255.255.255 established
access-list 111 permit icmp A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255
access-list 111 permit tcp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 eq 7
access-list 111 permit udp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 eq 7
access-list 111 permit tcp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 eq 20
access-list 111 permit tcp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 eq 21
access-list 111 permit tcp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 eq 23
access-list 111 permit tcp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 eq 53
access-list 111 permit udp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 eq 53
access-list 111 permit tcp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 eq 540
access-list 111 permit tcp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 eq 119
access-list 111 permit udp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 eq 1525
access-list 111 permit udp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 gt 33433
access-list 111 permit udp  A.A.A.A 0.0.0.0 0.0.0.0 255.255.255.255 lt 33500

=================================================================
Fergus McMenemie
GEC Plessey Semiconductors    Email: gpsemi @ netcom . com
=================================================================
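The following is an added example, not part of the original post or of any Cisco code: a small evaluator for the classic numbered extended ACL syntax used above (port operators apply to the destination port, `established` matches only segments with ACK or RST set, and every list ends in an implicit deny). It runs a copy of the poster's inbound list 101 against constructed sample packets; the `A.A.0.0` and `A.A.A.A` placeholders are replaced by the assumed values 10.1.0.0 and 10.1.1.1, and the remote addresses and port numbers are made up. Tracing the samples shows which inbound packet types list 101 lets through and which one it drops: the active-mode FTP data connection, which the remote server opens from its port 20 to a high port on the firewall node, arrives as a bare SYN, so it matches neither the `established` rule nor any other `tcp` permit.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed copy of the poster's inbound list 101, with the page's A.A.0.0 and
# A.A.A.A placeholders replaced by the assumed values 10.1.0.0 and 10.1.1.1.
ACL_101 = """
access-list 101 permit ip   10.1.0.0 0.0.255.255     10.1.0.0 0.0.255.255
access-list 101 permit icmp 0.0.0.0 255.255.255.255 10.1.1.1 0.0.0.0
access-list 101 permit tcp  0.0.0.0 255.255.255.255 10.1.1.1 0.0.0.0 established
access-list 101 permit tcp  0.0.0.0 255.255.255.255 10.1.1.1 0.0.0.0 eq 540
access-list 101 permit udp  0.0.0.0 255.255.255.255 10.1.1.1 0.0.0.0 lt 922
access-list 101 permit udp  0.0.0.0 255.255.255.255 10.1.1.1 0.0.0.0 gt 900
access-list 101 permit udp  0.0.0.0 255.255.255.255 10.1.1.1 0.0.0.0 gt 1023
"""

@dataclass
class Rule:
    action: str
    proto: str
    src: int
    src_wild: int                   # Cisco wildcard mask: 1 bits are "don't care"
    dst: int
    dst_wild: int
    port_op: Optional[str] = None   # eq / lt / gt, applied to the destination port
    port: Optional[int] = None
    established: bool = False       # match only segments with ACK (or RST) set

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    ack: bool = False               # True for any segment with ACK or RST set

def parse_acl(text: str) -> list:
    """Parse classic numbered extended ACL lines; skips comments and 'no access-list'."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 8 or tok[0] != "access-list":
            continue
        src, swild, dst, dwild = (int(ipaddress.IPv4Address(t)) for t in tok[4:8])
        rule = Rule(tok[2], tok[3], src, swild, dst, dwild)
        rest = tok[8:]
        if rest and rest[0] in ("eq", "lt", "gt"):
            rule.port_op, rule.port = rest[0], int(rest[1])
            rest = rest[2:]
        rule.established = bool(rest) and rest[0] == "established"
        rules.append(rule)
    return rules

def wild_match(addr: int, rule_addr: int, wild: int) -> bool:
    """Compare only the bits the wildcard mask leaves as 0 (significant)."""
    return ((addr ^ rule_addr) & (0xFFFFFFFF ^ wild)) == 0

def evaluate(rules: list, pkt: Packet) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    src, dst = (int(ipaddress.IPv4Address(a)) for a in (pkt.src, pkt.dst))
    for r in rules:
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if not (wild_match(src, r.src, r.src_wild) and wild_match(dst, r.dst, r.dst_wild)):
            continue
        if r.port_op is not None:
            if pkt.dport is None:
                continue
            if not {"eq": pkt.dport == r.port, "lt": pkt.dport < r.port,
                    "gt": pkt.dport > r.port}[r.port_op]:
                continue
        if r.established and not pkt.ack:
            continue
        return r.action
    return "deny"

# Constructed sample traffic arriving from the Internet at the firewall node.
SAMPLES = {
    "ftp control reply, ACK set":      Packet("tcp", "203.0.113.5", "10.1.1.1", 4000, ack=True),
    # active-mode FTP: the remote server opens a fresh connection from its port 20
    # to a high port on the node, so the first segment is a bare SYN
    "ftp data connection, SYN only":   Packet("tcp", "203.0.113.5", "10.1.1.1", 4001),
    "dns reply to a high port":        Packet("udp", "203.0.113.53", "10.1.1.1", 1025),
    "icmp echo reply":                 Packet("icmp", "203.0.113.5", "10.1.1.1"),
    "unsolicited telnet to the node":  Packet("tcp", "203.0.113.5", "10.1.1.1", 23),
}

def check_samples() -> dict:
    rules = parse_acl(ACL_101)
    return {name: evaluate(rules, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in check_samples().items():
        print(f"{verdict:6} {name}")
```

Running it prints one verdict per sample. The evaluator models the old single-port, stateless syntax only: there is no source-port matching and no reflexive or connection-tracking behaviour, which is exactly why an inbound connection that a remote server initiates cannot be distinguished from any other unsolicited SYN by the `established` keyword alone.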

