rebecca.richards Sun, 03/25/2007 - 22:55

You're close with access-list # 2 above, but it needs to be:


access-list 101 permit tcp any host 192.168.1.2 eq 22


- bec

acbenny Sun, 03/25/2007 - 23:14

I see. How about the #1 access-list?


It is just that any host can make a session with destination port TCP 22 to host 192.168.1.2. Is that also right?




rebecca.richards Sun, 03/25/2007 - 23:33

With SSH, the client binds to a "random" TCP high port, which you cannot predict. So your ACL #1 above would not match at all, as you're specifying that the clients are bound to 22/tcp.


It is the _server_ that is bound to 22/tcp, which is what you match on, thus #2.
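
The port-matching point in the reply above, as an added example that is not part of the original thread: a small Python matcher for a subset of Cisco extended ACL syntax, run against a constructed SSH client packet. ACL #1 is not shown on the page, so the `eq 22` on the source side is an assumption based on how the reply describes it; the client address and source port are constructed sample values.

```python
# Added example: minimal matcher for a subset of Cisco extended ACL syntax.
import ipaddress

def _addr(tok):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def _port(tok):
    """Consume an optional 'eq PORT' (numeric ports only)."""
    if tok[:1] == ["eq"]:
        return int(tok[1]), tok[2:]
    return None, tok

def parse(line):
    """Parse 'access-list N ACTION PROTO SRC [eq P] DST [eq P]' into a dict."""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    src, rest = _addr(rest)
    sport, rest = _port(rest)   # port after the source address = source port
    dst, rest = _addr(rest)
    dport, rest = _port(rest)   # port after the destination = destination port
    return dict(action=action, proto=proto, src=src, sport=sport, dst=dst, dport=dport)

def _ip_ok(spec, ip):
    base, wild = spec           # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for e in acl:
        if (e["proto"] == pkt["proto"]
                and _ip_ok(e["src"], pkt["src"]) and _ip_ok(e["dst"], pkt["dst"])
                and e["sport"] in (None, pkt["sport"])
                and e["dport"] in (None, pkt["dport"])):
            return e["action"]
    return "deny"

# ACL #2 is the line quoted in the thread. ACL #1 is not shown on the page;
# this form (source port eq 22) is an assumption based on its description.
ACL_1 = [parse("access-list 101 permit tcp any eq 22 host 192.168.1.2")]
ACL_2 = [parse("access-list 101 permit tcp any host 192.168.1.2 eq 22")]

# Constructed packet: SSH client on an ephemeral source port, server on 22/tcp.
SSH_SYN = dict(proto="tcp", src="203.0.113.10", sport=51514, dst="192.168.1.2", dport=22)
```

`evaluate(ACL_1, SSH_SYN)` falls through to the implicit deny because the client's source port is not 22, while `evaluate(ACL_2, SSH_SYN)` returns `permit`.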

acbenny Sun, 03/25/2007 - 23:44

Then is this pattern correct?


Access-list 101 permit tcp/udp [source ip address][source ip address's destination port][destination ip address][destination ip's destination port]

