Unanswered Question
Mar 25th, 2007
User Badges:

hi expert,

With attach diagram, if i want to permit the access-list to initiate a ssh session from PC to which access list is right ?

1)access-list 101 permit tcp any eq 22 host

2)access-list 101 permit tcp any eq 22

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rebecca.richards Sun, 03/25/2007 - 22:55
User Badges:

You're close with access-list # 2 above, but it needs to be:

access-list 101 permit tcp any host eq 22

- bec

acbenny Sun, 03/25/2007 - 23:14
User Badges:

ic, how about the #1 access-list ?

it is just any host can make session with destination port which is tcp port 22 to host ----is it also right ?

rebecca.richards Sun, 03/25/2007 - 23:33
User Badges:

With SSH, the client binds to a "random" TCP high port, which you cannot predict. So your ACL #1 above would not match at all, as you're specifying that the clients are bound to 22/tcp

It is the _server_ that is bound to 22/tcp, which is what you match on, thus #2.

acbenny Sun, 03/25/2007 - 23:44
User Badges:

then does this pattern is correct ?

Access-list 101 permit tcp/udp [source ip address][source ip address 's destination port][destination ip address][destination ip 's destination port]


This Discussion