Issue:
This document goes over a simple setup for TCP/IP filtering on the 833 servers.
The filters permit the Dial In client to communicate with one host on the LAN and deny communication to all other hosts.
Solution:
For a Dial In client to communicate with a host on the LAN, it must be able to send and receive data.
Two filters will have to be created, one to permit data sent to the LAN host and one to permit data received from the LAN host. Then configure the Perle to deny communication to all other hosts.
This is achieved by:
With this filter arrangement, all TCP/IP packets going to the Destination and all TCP/IP packets received by the Source will be permitted.
All other packets are denied.
On the 833IS, the configuration file will appear as in this example:
!
ip access-list extended from
permit ip host 1.2.3.4 any
!
ip access-list extended to
permit ip any host 1.2.3.4
As soon as a packet matches one of the filters, the packet is accepted or rejected and no further checking is done. If the packet does not match any assigned filter, the default action is carried out.
The packet address is logically ANDed with the filter mask and compared to the filter address ANDed with the filter mask.
Example:
10.6.0.0 && 255.255.0.0 =
00001010.00000110.00000000.00000000
11111111.11111111.00000000.00000000
=
00001010.00000110.00000000.00000000
10.6.135.165 && 255.255.0.0 =
00001010.00000110.10000111.10100101
11111111.11111111.00000000.00000000
=
00001010.00000110.00000000.00000000
After the Filter Mask is applied, both addresses are equal.
10.36.99.235 && 255.255.0.0 =
00001010.00100100.01100011.11101011
11111111.11111111.00000000.00000000
=
00001010.00100100.00000000.00000000
After the Filter Mask is applied, the addresses are not equal.
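
The mask comparison and first-match behaviour described above, modelled in Python. This is an added example, not Perle code or part of the original document; the (action, address, mask) tuple layout, the function names and the constructed filter list are assumptions. It goes one step beyond the text by flagging filters that can never take effect because an earlier, broader filter matches first.

```python
import ipaddress

def to_int(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def matches(packet_addr, filter_addr, filter_mask):
    """True when (packet AND mask) equals (filter address AND mask)."""
    mask = to_int(filter_mask)
    return (to_int(packet_addr) & mask) == (to_int(filter_addr) & mask)

def evaluate(packet_addr, filters, default="deny"):
    """First matching filter decides; no match means the default action.

    Returns (action, index of the deciding filter, or None for the default).
    """
    for index, (action, filter_addr, filter_mask) in enumerate(filters):
        if matches(packet_addr, filter_addr, filter_mask):
            return action, index
    return default, None

def shadowed(filters):
    """Indexes of filters that can never decide a packet, because an
    earlier filter already matches every address they cover."""
    hidden = []
    for later, (_, l_addr, l_mask) in enumerate(filters):
        for _, e_addr, e_mask in filters[:later]:
            e, l = to_int(e_mask), to_int(l_mask)
            # The earlier mask tests only bits the later mask also tests,
            # and the later filter's address lies inside the earlier range.
            if e & l == e and matches(l_addr, e_addr, e_mask):
                hidden.append(later)
                break
    return hidden

# Constructed filter list (assumed layout: action, filter address, filter mask).
FILTERS = [
    ("permit", "1.2.3.4", "255.255.255.255"),       # the single LAN host
    ("deny", "10.6.0.0", "255.255.0.0"),            # mask example from the text
    ("permit", "10.6.135.165", "255.255.255.255"),  # never reached: see shadowed()
]

if __name__ == "__main__":
    for addr in ("1.2.3.4", "10.6.135.165", "10.36.99.235"):
        print(addr, evaluate(addr, FILTERS))
    print("shadowed filter indexes:", shadowed(FILTERS))
```

Running a check like `shadowed()` over a filter list before loading it catches ordering mistakes where a permit or deny entry is silently overridden by an earlier match.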