It's unclear to me what the difference is between these 2 ACL statements; could anyone elaborate? The reason I'm asking is that, on an outbound ACL using the 2nd entry listed, we are not seeing anything on the ACL counters when he comes through, yet if we put a deny all at the beginning of the list he is blocked. I am wondering if the syntax is wrong and actually should be the first entry listed below, or are there any reasons why the ACL counters would not be incrementing? The user is going to telnet, as verified through the cache flows.
permit tcp 18.104.22.168 0.0.0.255 eq telnet host 22.214.171.124 ----->
permit tcp 126.96.36.199 0.0.0.255 host 188.8.131.52 eq telnet
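
The two entries differ only in where `eq telnet` sits: in Cisco extended ACL syntax a port operator after the source address matches the source port, and one after the destination address matches the destination port. The sketch below is an added example, not part of the original post; it models that field order in Python, using constructed documentation-range addresses and a parser that handles only the `host`, wildcard and `eq` forms seen in these entries.

```python
import ipaddress

PORTS = {"telnet": 23}  # the only named port the page's entries use

def parse_addr(tokens):
    """Consume 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    if tokens[0] == "host":
        tokens.pop(0)
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    addr, wild = tokens.pop(0), tokens.pop(0)
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def parse_port(tokens):
    """Consume an optional 'eq PORT'; None means any port."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        return PORTS[name] if name in PORTS else int(name)
    return None

def parse_entry(line):
    """Field order: action proto SRC [eq SPORT] DST [eq DPORT]."""
    t = line.split()
    entry = {"action": t.pop(0), "proto": t.pop(0)}
    entry["src"], entry["sport"] = parse_addr(t), parse_port(t)
    entry["dst"], entry["dport"] = parse_addr(t), parse_port(t)
    return entry

def addr_ok(spec, ip):
    addr, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)

def matches(entry, pkt):
    return (entry["proto"] == pkt["proto"]
            and addr_ok(entry["src"], pkt["src"])
            and addr_ok(entry["dst"], pkt["dst"])
            and entry["sport"] in (None, pkt["sport"])
            and entry["dport"] in (None, pkt["dport"]))

# Constructed entries and packets (documentation address ranges).
SRC_PORT_ENTRY = parse_entry("permit tcp 192.0.2.0 0.0.0.255 eq telnet host 198.51.100.10")
DST_PORT_ENTRY = parse_entry("permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq telnet")
# A client opening a telnet session: ephemeral source port, destination port 23.
CLIENT_TO_SERVER = {"proto": "tcp", "src": "192.0.2.25", "sport": 40512,
                    "dst": "198.51.100.10", "dport": 23}
# Traffic sourced from port 23 on the 192.0.2.0/24 side (a telnet server's replies).
FROM_PORT_23 = {"proto": "tcp", "src": "192.0.2.25", "sport": 23,
                "dst": "198.51.100.10", "dport": 40512}

if __name__ == "__main__":
    for name, e in (("eq after source", SRC_PORT_ENTRY), ("eq after destination", DST_PORT_ENTRY)):
        print(name, matches(e, CLIENT_TO_SERVER), matches(e, FROM_PORT_23))
```

An entry that permits a flow never increments its counter for packets that do not match all of its fields, which is why comparing each form against the observed flow's source and destination ports is the first check.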