Access list direction control

Unanswered Question
May 11th, 2008


We have two Unix servers

Servers A : 24

Servers B : /24

connected to routers Fa0/0 and Fa 0/1 interfaces respectively.

We have configured following access list

access-list 101 deny eq telnet

access-list 101 permit ip any any

and applied as

(config)#interface fa0/0

(config-if)#ip access-group 101 in

This will deny telnet access initiated from to server , as source, destination and target port numbers are matching.

What will happen if a reverse telnet connection is initiated, that is, telnet is initiated by to ?

Will it be denied by our access list ?

As the packet returning back to will match the IP address, but I think the target port will be different (and not 23), so the connection should be established.

Please share.

Thanks in advance.


Jon Marshall Sun, 05/11/2008 - 22:29


I think your access-list should read

access-list 101 deny tcp eq telnet (note the "tcp" keyword).

Anyway you are correct in what you say. The target port on the return traffic to would not be 23 but a port number above 1024. So your access-list 101 would not block the traffic.
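To make the direction issue concrete, here is an added example (not part of the original thread or of any Cisco code) that evaluates a Cisco-style extended ACL against the packets of a telnet handshake in both directions. The post omits the addresses, so the example assumes servers A on 10.1.1.0/24 behind Fa0/0 and servers B on 10.2.2.0/24 behind Fa0/1, an ephemeral client port of 40000, and the `tcp` keyword Jon suggests. It also goes beyond the question by showing two ways to block the reverse connection: a second ACL inbound on Fa0/1, or a source-port entry on Fa0/0 that drops A's SYN-ACK.

```python
"""Toy evaluator for Cisco-style extended ACLs, tracing the two telnet
directions discussed above.  Addresses, interface names and the ephemeral
port are assumptions (the original post omits them)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


def _addr_spec(tokens, i):
    """Parse 'any' | 'host X' | 'X WILDCARD' at tokens[i]; return (matcher, next_i)."""
    t = tokens[i]
    if t == "any":
        return (lambda ip: True), i + 1
    if t == "host":
        host = ipaddress.ip_address(tokens[i + 1])
        return (lambda ip: ipaddress.ip_address(ip) == host), i + 2
    net = int(ipaddress.ip_address(t))
    wild = int(ipaddress.ip_address(tokens[i + 1]))
    fixed = ~wild & 0xFFFFFFFF   # wildcard bit 0 = "must match", as on IOS
    return (lambda ip: int(ipaddress.ip_address(ip)) & fixed == net & fixed), i + 2


def _port_spec(tokens, i):
    """Optional 'eq PORT' after an address spec; returns (port or None, next_i)."""
    if i < len(tokens) and tokens[i] == "eq":
        names = {"telnet": 23, "ssh": 22, "www": 80}
        p = tokens[i + 1]
        return (names[p] if p in names else int(p)), i + 2
    return None, i


def parse_ace(line):
    # access-list <num> <permit|deny> <proto> <src> [eq p] <dst> [eq p]
    tokens = line.split()
    action, proto = tokens[2], tokens[3]
    src, i = _addr_spec(tokens, 4)
    sport, i = _port_spec(tokens, i)      # 'eq' here means SOURCE port
    dst, i = _addr_spec(tokens, i)
    dport, i = _port_spec(tokens, i)      # 'eq' here means DESTINATION port
    return action, proto, src, sport, dst, dport


def acl_decision(acl_lines, pkt):
    """First matching entry wins; implicit deny at the end, as on IOS."""
    for line in acl_lines:
        action, proto, src, sport, dst, dport = parse_ace(line)
        if proto != "ip" and proto != pkt.proto:
            continue
        if not src(pkt.src) or not dst(pkt.dst):
            continue
        if sport is not None and sport != pkt.sport:
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return action
    return "deny"


# The ACL from the question, with Jon's "tcp" keyword and assumed addresses.
ACL_101 = [
    "access-list 101 deny tcp 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 eq telnet",
    "access-list 101 permit ip any any",
]
# Fix 1: a mirror-image ACL applied inbound on the interface facing B.
ACL_102 = [
    "access-list 102 deny tcp 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255 eq telnet",
    "access-list 102 permit ip any any",
]
# Fix 2: stay on Fa0/0 but also deny A's replies, i.e. SOURCE port 23 from A to B.
ACL_101_SRCPORT = ACL_101[:1] + [
    "access-list 101 deny tcp 10.1.1.0 0.0.0.255 eq telnet 10.2.2.0 0.0.0.255",
] + ACL_101[1:]

FACING = {"10.1.1.0/24": "Fa0/0", "10.2.2.0/24": "Fa0/1"}   # assumed topology
INBOUND = {"Fa0/0": ACL_101, "Fa0/1": None}                  # as in the question
INBOUND_FIXED = {"Fa0/0": ACL_101, "Fa0/1": ACL_102}
INBOUND_SRCPORT = {"Fa0/0": ACL_101_SRCPORT, "Fa0/1": None}


def ingress_if(ip):
    """Interface on which a packet from ip enters the router."""
    for net, intf in FACING.items():
        if ipaddress.ip_address(ip) in ipaddress.ip_network(net):
            return intf
    raise ValueError(ip)


def filter_in(pkt, inbound):
    acl = inbound[ingress_if(pkt.src)]
    return "permit" if acl is None else acl_decision(acl, pkt)


def telnet_session(client, server, inbound=INBOUND, ephemeral=40000):
    """Verdicts for (client SYN, server SYN-ACK) of a telnet from client to server."""
    syn = Packet("tcp", client, ephemeral, server, 23)
    synack = Packet("tcp", server, 23, client, ephemeral)
    return filter_in(syn, inbound), filter_in(synack, inbound)


if __name__ == "__main__":
    print("A -> B, ACL 101 only   :", telnet_session("10.1.1.10", "10.2.2.10"))
    print("B -> A, ACL 101 only   :", telnet_session("10.2.2.10", "10.1.1.10"))
    print("B -> A, ACL 102 on Fa0/1:", telnet_session("10.2.2.10", "10.1.1.10", INBOUND_FIXED))
    print("B -> A, src-port deny   :", telnet_session("10.2.2.10", "10.1.1.10", INBOUND_SRCPORT))
```

With only ACL 101 inbound on Fa0/0, the A-to-B SYN is dropped (destination port 23 matches), but the B-to-A SYN enters Fa0/1 unfiltered and A's SYN-ACK, destination port 40000, falls through to `permit ip any any`, so the session completes exactly as the question suspected. Either fix blocks it: ACL 102 drops the SYN on the way in, while the source-port entry lets the SYN through and drops the reply, which on a real router still leaves a half-open attempt logged on server A.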


