access-list | |
---|---|
ip access-list extended App_1_HandS | |
! Extended IP access lists, restored to one statement per line.
! Entry order inside each list is unchanged from the original.
! Reading aid: "0.0.0.0 255.255.255.255" is a wildcard pair that matches any
! address, and "<addr> 0.0.0.0" matches a single host. A port written after
! the destination pair reads as a destination port, and one written after the
! source pair as a source port (compare the 67 -> 68 entries below).
! NOTE(review): the page does not show where these lists are applied; confirm
! the binding before changing any entry.
!
! App_1_HandS: any source to 172.10.0.0/16.
! NOTE(review): 172.10.0.0/16 lies outside the RFC 1918 range 172.16.0.0/12
! that site2site and breakout use; confirm it is not a typo.
ip access-list extended App_1_HandS
 permit ip 0.0.0.0 255.255.255.255 172.10.0.0 0.0.255.255
exit
! App_2_HandS: any source to 192.168.10.0/24.
ip access-list extended App_2_HandS
 permit ip 0.0.0.0 255.255.255.255 192.168.10.0 0.0.0.255
exit
! permitSpecificPorts: any-to-any permits selected by destination port.
! Well-known assignments: 22 SSH, 830 NETCONF over SSH, 500 and 4500 IKE and
! IPsec NAT-T, 848 GDOI, 3784 BFD, 161 SNMP. "ip 50" presumably selects IP
! protocol 50 (ESP), as the list named esp below suggests.
! NOTE(review): SSH, NETCONF and SNMP are permitted from any source here. If
! this list filters an untrusted interface, restrict the source to the
! management prefixes.
ip access-list extended permitSpecificPorts
 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 22
 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 830
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 4500
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 500
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 848
 permit ip 50 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 permit icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 3784
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 161
 ! DHCP replies (source port 67 to destination port 68) from RFC 1918 sources only.
 permit udp 10.0.0.0 0.255.255.255 67 0.0.0.0 255.255.255.255 68
 permit udp 172.16.0.0 0.15.255.255 67 0.0.0.0 255.255.255.255 68
 permit udp 192.168.0.0 0.0.255.255 67 0.0.0.0 255.255.255.255 68
exit
! allowOut: permit everything, flagged "reflexive".
! NOTE(review): presumably this records sessions so that return traffic can be
! matched; confirm against the platform documentation.
ip access-list extended allowOut
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 reflexive
exit
! sdwan_mgmt_traffic: traffic sourced from host 192.0.2.1 to any destination,
! selected by destination port. 192.0.2.1 is in the RFC 5737 documentation
! range, so it is probably a placeholder for the real management address.
! Well-known assignments: 123 NTP, 514 syslog, 601 syslog over TCP, 80 HTTP,
! 443 HTTPS, 6514 syslog over TLS, 53 DNS. Ports 9995, 2200, 2201 and 4740 are
! deployment-specific; TODO confirm what they carry.
! NOTE(review): cleartext 80, 514 and 601 sit next to 443 and 6514; confirm
! the cleartext variants are still needed.
ip access-list extended sdwan_mgmt_traffic
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 9995
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 123
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 514
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 601
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2200
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2201
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 848
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 80
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 443
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 4740
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 6514
 ! DNS is matched only towards the single resolver 57.152.68.169.
 permit udp 192.0.2.1 0.0.0.0 57.152.68.169 0.0.0.0 53
exit
! local_mgmt_traffic: same entries as sdwan_mgmt_traffic, except that DNS is
! matched towards any destination.
ip access-list extended local_mgmt_traffic
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 9995
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 123
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 514
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 601
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2200
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2201
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 848
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 80
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 443
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 4740
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 6514
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 53
exit
! local_mgmt_traffic_high_prio: the subset of local_mgmt_traffic on ports
! 123, 2200 and 53.
ip access-list extended local_mgmt_traffic_high_prio
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 123
 permit tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2200
 permit udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 53
exit
! ipsec_mgmt: UDP 4500, 500 and 848, each matched once as destination port
! and once as source port, so both directions of an exchange are covered.
ip access-list extended ipsec_mgmt
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 4500
 permit udp 0.0.0.0 255.255.255.255 4500 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 500
 permit udp 0.0.0.0 255.255.255.255 500 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 848
 permit udp 0.0.0.0 255.255.255.255 848 0.0.0.0 255.255.255.255
exit
! site2site: any source to the three RFC 1918 private ranges.
ip access-list extended site2site
 permit ip 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255
 permit ip 0.0.0.0 255.255.255.255 172.16.0.0 0.15.255.255
 permit ip 0.0.0.0 255.255.255.255 192.168.0.0 0.0.255.255
exit
! breakout: the complement of site2site. The three deny entries must stay
! ahead of the final permit, assuming first-match evaluation.
ip access-list extended breakout
 deny ip 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255
 deny ip 0.0.0.0 255.255.255.255 172.16.0.0 0.15.255.255
 deny ip 0.0.0.0 255.255.255.255 192.168.0.0 0.0.255.255
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
! all_traffic: matches every IP packet.
ip access-list extended all_traffic
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
! not_sdwan_mgmt_traffic: the complement of sdwan_mgmt_traffic. It has the
! same entries as deny, followed by a permit for everything else.
! NOTE(review): this list has to be edited together with sdwan_mgmt_traffic.
! An entry added to only one of them changes which traffic counts as
! management traffic.
ip access-list extended not_sdwan_mgmt_traffic
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 9995
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 123
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 514
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 601
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2200
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2201
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 848
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 80
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 443
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 4740
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 6514
 deny udp 192.0.2.1 0.0.0.0 57.152.68.169 0.0.0.0 53
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
! not_local_mgmt_traffic: the complement of local_mgmt_traffic, built the
! same way. It has to be edited together with local_mgmt_traffic.
ip access-list extended not_local_mgmt_traffic
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 9995
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 123
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 514
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 601
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2200
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 2201
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 848
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 80
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 443
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 4740
 deny tcp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 6514
 deny udp 192.0.2.1 0.0.0.0 0.0.0.0 255.255.255.255 53
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
! public_dns: all DNS over UDP 53 except the management host's queries to
! 57.152.68.169. The deny entry has to stay first.
! NOTE(review): only UDP 53 is matched; DNS over TCP 53 is not covered by
! this list. Confirm that is intended.
ip access-list extended public_dns
 deny udp 192.0.2.1 0.0.0.0 57.152.68.169 0.0.0.0 53
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 53
exit
! esp: UDP 4500 and 500 by destination port, plus "ip 50" (presumably IP
! protocol 50, ESP).
ip access-list extended esp
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 4500
 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 500
 permit ip 50 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
! permitSpecificPortsVrf: the same services as permitSpecificPorts, but with
! the port placed after the source pair, so it reads as a source-port match
! (reply direction). There are no DHCP entries here.
! NOTE(review): a source-port permit in a stateless filter accepts any packet
! that carries that source port. Confirm that the interface this is bound to
! is trusted, or that session state is enforced elsewhere.
ip access-list extended permitSpecificPortsVrf
 permit tcp 0.0.0.0 255.255.255.255 22 0.0.0.0 255.255.255.255
 permit tcp 0.0.0.0 255.255.255.255 830 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 4500 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 500 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 848 0.0.0.0 255.255.255.255
 permit ip 50 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 permit icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 3784 0.0.0.0 255.255.255.255
 permit udp 0.0.0.0 255.255.255.255 161 0.0.0.0 255.255.255.255
exit
! from_vasi_internet: traffic sourced from host 198.51.100.5. That address is
! in the RFC 5737 documentation range, so it is probably a placeholder.
ip access-list extended from_vasi_internet
 permit ip 198.51.100.5 0.0.0.0 0.0.0.0 255.255.255.255
exit
! not_from_vasi_internet: the complement of from_vasi_internet.
ip access-list extended not_from_vasi_internet
 deny ip 198.51.100.5 0.0.0.0 0.0.0.0 255.255.255.255
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
! App_1_Default-Breakout: matches every IP packet.
ip access-list extended App_1_Default-Breakout
 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
! The page's table row ends after the next statement.
tic category tic_Default-Breakout | |