Home lab with remote access--Needing ACLs to simulate SRST

Hello community,

For my studies, I have assembled a lab at home.  While I am away from home, I remote into my lab to continue my studies.  In the training videos, Mark refers to ACLs to simulate a WAN failure to test SRST.  Could someone provide the ACLs I need to configure on the router to simulate this?

Regards,

Paul

Comments

  • Is your VPN terminated on one of the routers for you Lab?

    If not the use null route on the site being tested for SRST.

    ip route X.X.X.N 255.255.255.255 null0

    ip route X.X.X.M 255.255.255.255 null0

    If you need the full acl block here is one I have used in the past but block most signalling.

    ip access-list extended block-signalling

       remark SCCP

       deny tcp any any
    eq 2000

       deny tcp any eq
    2000 any

       remark Secure
    SCCP

       deny tcp any any
    eq 2443

       deny tcp any eq
    2443 any

       remark H.225

       deny tcp any any
    eq 1720

       deny tcp any eq
    1720 any

       deny udp any any
    eq 1720

       deny udp any eq
    1720 any

       deny tcp any any
    eq 1718

       deny tcp any eq
    1718 any

       deny udp any any
    eq 1719

       deny udp any eq
    1719 any

       remark MGCP
    control

       deny udp any any
    eq 2427

       deny udp any eq
    2427 any

       remark MGCP
    backhaul

       deny tcp any any
    eq 2428

       deny tcp any eq
    2428 any

       remark SIP

       deny udp any any
    eq 5060

       deny udp any eq
    5060 any

       deny tcp any any
    eq 5060

       deny tcp any eq
    5060 any

       permit ip any
    any

     

    Mike

     

     

Sign In or Register to comment.