
ACL cyber


// establish an SSH session

C:\>ssh -l SSHadmin 192.168.2.1

R2#

//Apply ACL 10 to ingress traffic on the VTY lines.

R1#config t

R1(config)#access-list 10 permit host 192.168.3.3

R1(config)#line vty 0 4

R1(config-line)#access-class 10 in

R1(config-line)#exit

//Configure ACL 120 to specifically permit and deny the specified traffic.

R1#config t

R1(config)#access-list 120 permit udp any host 192.168.1.3 eq domain

R1(config)#access-list 120 permit tcp any host 192.168.1.3 eq smtp

R1(config)#access-list 120 permit tcp any host 192.168.1.3 eq ftp

R1(config)#access-list 120 deny tcp any host 192.168.1.3 eq 443

R1(config)#access-list 120 permit tcp host 192.168.3.3 host 10.1.1.1 eq 22

R1(config)#interface S0/0/0

R1(config-if)#ip access-group 120 in

R1(config-if)#exit

R1(config)#end

R1#show access-list

Standard IP access list 10

10 permit host 192.168.3.3

Extended IP access list 120

10 permit udp any host 192.168.1.3 eq domain

20 permit tcp any host 192.168.1.3 eq smtp

30 permit tcp any host 192.168.1.3 eq ftp

40 deny tcp any host 192.168.1.3 eq 443

50 permit tcp host 192.168.3.3 host 10.1.1.1 eq 22

//Make any necessary changes to ACL 120 to permit and deny the specified traffic.

R1#config t

R1(config)#access-list 120 permit icmp any any echo-reply

R1(config)#access-list 120 permit icmp any any unreachable

R1(config)#access-list 120 deny icmp any any

R1(config)#access-list 120 permit ip any any

R1(config)#exit

R1#show access

Standard IP access list 10

10 permit host 192.168.3.3

Extended IP access list 120

10 permit udp any host 192.168.1.3 eq domain

20 permit tcp any host 192.168.1.3 eq smtp

30 permit tcp any host 192.168.1.3 eq ftp

40 deny tcp any host 192.168.1.3 eq 443 (44 match(es))

50 permit tcp host 192.168.3.3 host 10.1.1.1 eq 22

60 permit icmp any any echo-reply

70 permit icmp any any unreachable

80 deny icmp any any

90 permit ip any any

//Configure ACL 110 to permit only traffic from the inside network.

R3(config)#access-list 110 permit ip 192.168.3.0 0.0.0.255 any

//Apply the ACL to interface G0/1.

R3(config)#interface g0/1

R3(config-if)#ip access-group 110 in

R3(config-if)#end

//Configure ACL 100 to block all specified traffic from the outside network.

R3#config t

R3(config)#access-list 100 permit tcp 10.0.0.0 0.255.255.255 eq 22 host 192.168.3.3

R3(config)#access-list 100 deny ip 10.0.0.0 0.255.255.255 any

R3(config)#access-list 100 deny ip 172.16.0.0 0.15.255.255 any

R3(config)#access-list 100 deny ip 192.168.0.0 0.0.255.255 any

R3(config)#access-list 100 deny ip 127.0.0.0 0.255.255.255 any

R3(config)#access-list 100 deny ip 224.0.0.0 15.255.255.255 any

R3(config)#access-list 100 permit ip any any

R3(config)#interface s0/0/1

R3(config-if)#ip access-group 100 in

R3(config-if)#do show access-list

Standard IP access list 10

10 permit host 192.168.3.3

Extended IP access list 110

10 permit ip 192.168.3.0 0.0.0.255 any

Extended IP access list 100

10 permit tcp 10.0.0.0 0.255.255.255 eq 22 host 192.168.3.3

20 deny ip 10.0.0.0 0.255.255.255 any

30 deny ip 172.16.0.0 0.15.255.255 any

40 deny ip 192.168.0.0 0.0.255.255 any

50 deny ip 127.0.0.0 0.255.255.255 any

60 deny ip 224.0.0.0 15.255.255.255 any

70 permit ip any any
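
// Added example, not part of the original lab: a first-match evaluator for ACL 100 as configured on R3 above, showing how wildcard masks and entry order decide the result and that "eq 22" in entry 10 is tested against the source port. It handles only the forms ACL 100 uses (ip/tcp, any, host, address plus wildcard, eq with a numeric port); the function names and the test packet are constructed for illustration.

```python
import ipaddress
# ACL 100 entries copied from the R3 configuration on this page.
ACL_100 = """\
permit tcp 10.0.0.0 0.255.255.255 eq 22 host 192.168.3.3
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 224.0.0.0 15.255.255.255 any
permit ip any any
"""

def _addr(tok):
    """Consume one address spec plus optional 'eq N'; return (base, wildcard, port)."""
    kind = tok.pop(0)
    if kind == "any":
        base, wild = 0, 0xFFFFFFFF
    elif kind == "host":
        base, wild = int(ipaddress.IPv4Address(tok.pop(0))), 0
    else:
        base, wild = int(ipaddress.IPv4Address(kind)), int(ipaddress.IPv4Address(tok.pop(0)))
    port = None
    if tok[:1] == ["eq"]:  # the port belongs to the address it follows
        port = int(tok[1])
        del tok[:2]
    return base, wild, port

def parse(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        rules.append((action, proto, _addr(tok), _addr(tok)))  # source, then destination
    return rules

def _hit(spec, ip, port):
    base, wild, want = spec
    same_net = (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)  # wildcard bits ignored
    return same_net and (want is None or want == port)

def evaluate(rules, proto, src, sport, dst, dport):
    """Return (sequence number, action) of the first matching entry."""
    for n, (action, rproto, s, d) in enumerate(rules, 1):
        if rproto in ("ip", proto) and _hit(s, src, sport) and _hit(d, dst, dport):
            return n * 10, action
    return None, "deny"  # implicit deny that ends every ACL

if __name__ == "__main__":
    print(evaluate(parse(ACL_100), "tcp", "10.9.9.9", 22, "192.168.3.3", 8080))  # constructed packet
```

// Entry 10 is stateless: it permits any TCP segment from 10.0.0.0/8 whose source port is 22, whatever the destination port on 192.168.3.3. Adding the established keyword to that entry would limit it to segments with ACK or RST set.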
