http,https,ftp,telnet etc inside tcp, tcp sent inside ICMP (lets say ICMP is a t

1. http,https,ftp,telnet etc inside tcp, tcp sent inside ICMP (lets say ICMP is a transportation like a car)
2.  
3. 9.3.2.12
4.  
5. RT1>en
6. RT1#conf t
7. Enter configuration commands, one per line. End with CNTL/Z.
8. RT1(config)#ip ac
9. RT1(config)#ip access-list ex
10. RT1(config)#ip access-list extended ACL
11. RT1(config-ext-nacl)#deny ?
12. ahp Authentication Header Protocol
13. eigrp Cisco's EIGRP routing protocol
14. esp Encapsulation Security Payload
15. gre Cisco's GRE tunneling
16. icmp Internet Control Message Protocol
17. ip Any Internet Protocol
18. ospf OSPF routing protocol
19. tcp Transmission Control Protocol
20. udp User Datagram Protocol
21. RT1(config-ext-nacl)#deny tcp ?
22. A.B.C.D Source address
23. any Any source host
24. host A single source host
25. RT1(config-ext-nacl)#deny tcp host 172.31.1.101 host 64.101.255.254 ?
26. eq Match only packets on a given port number
27. established established
28. gt Match only packets with a greater port number
29. lt Match only packets with a lower port number
30. neq Match only packets not on a given port number
31. range Match only packets in the range of port numbers
32. <cr>
33. RT1(config-ext-nacl)#deny tcp host 172.31.1.101 host 64.101.255.254 eq 80
34. RT1(config-ext-nacl)#deny tcp host 172.31.1.101 host 64.101.255.254 eq 443
35. RT1(config-ext-nacl)#deny tcp host 172.31.1.101 host 64.103.255.254 eq 80
36. RT1(config-ext-nacl)#deny tcp host 172.31.1.101 host 64.103.255.254 eq 443
37. RT1(config-ext-nacl)#deny tcp host 172.31.1.102 host 64.101.255.254 eq 21
38. RT1(config-ext-nacl)#deny tcp host 172.31.1.102 host 64.103.255.254 eq 21
39. RT1(config-ext-nacl)#deny icmp host 172.31.1.103 host 64.101.255.254
40. RT1(config-ext-nacl)#deny icmp host 172.31.1.103 host 64.103.255.254
41. RT1(config-ext-nacl)#permit ip any any
42. RT1(config-ext-nacl)#exit
43. RT1(config)#int g0/0
44. RT1(config-if)#ip ac
45. RT1(config-if)#ip access-group ACL in
46. RT1(config-if)#