I am trying to apply two ACLs to one of the VLANs, but it seems that the "in" option is denying incoming packets, because when users from inside my network initiate a connection to the other LAN, they open a random port, and that is the port that the other server is trying to establish a session back to my LAN on. I mean, if I launch a connection to port 25, my workstation opens a random port (e.g. 4447) and the server tries to connect back to my workstation on that port, but my ACL denies it because it is a random port that is not in the ACL.
TCP 10.33.64.104:4447 10.18.128.4:25 SYN_SENT
%SEC-6-IPACCESSLOGP: list CHI-IN denied tcp 10.18.128.4(25) -> 10.33.64.104(4447), 1 packet
How do I restrict what the other LAN can access and still allow my LAN to access only some ports that are allowed on the other side?
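Added example (not part of the original post, and not the poster's actual configuration): the denied packet in the log above is the SYN-ACK half of the workstation's own connection (10.18.128.4 port 25 answering 10.33.64.104 port 4447), so the inbound list needs a rule that admits return traffic without opening new inbound ports. The IOS configuration below assumes the two LANs are 10.33.64.0/24 and 10.18.128.0/24, that the ACLs hang off a hypothetical interface `Vlan200` facing the other LAN (so "in" is traffic arriving from that LAN and "out" is traffic leaving toward it), and that SMTP to 10.18.128.4 is the only service the local LAN should reach. The list names `CHI-IN` and `CHI-OUT` are taken from the log line; everything else is assumed.

```cisco
! ---- Option A: the "established" keyword (stateless) ----
! Matches only TCP segments with the ACK or RST bit set, i.e. replies to
! connections already opened from our side. A fresh SYN from the other
! LAN to a random high port carries no ACK and is still denied.
ip access-list extended CHI-IN
 remark Replies to connections initiated from 10.33.64.0/24
 permit tcp 10.18.128.0 0.0.0.255 10.33.64.0 0.0.0.255 established
 remark Add explicit permits here for services the other LAN may reach
 deny   ip any any log
!
! Outbound list restricts what our LAN may initiate toward the other LAN.
ip access-list extended CHI-OUT
 remark Only SMTP to the mail server (assumed) is allowed out
 permit tcp 10.33.64.0 0.0.0.255 host 10.18.128.4 eq 25
 deny   ip any any log
!
interface Vlan200
 ip access-group CHI-IN in
 ip access-group CHI-OUT out
!
! ---- Option B: reflexive ACL (stateful, also covers UDP) ----
! Each permitted outbound session is mirrored into the temporary list
! CHI-REFLECT; "evaluate" on the inbound list admits only those mirrored
! flows, and the entry ages out after the timeout (seconds) once idle.
ip access-list extended CHI-OUT-REFLEX
 permit tcp 10.33.64.0 0.0.0.255 host 10.18.128.4 eq 25 reflect CHI-REFLECT timeout 300
 deny   ip any any log
!
ip access-list extended CHI-IN-REFLEX
 evaluate CHI-REFLECT
 deny   ip any any log
!
! To use Option B instead of A, swap the groups on the interface:
!  ip access-group CHI-IN-REFLEX in
!  ip access-group CHI-OUT-REFLEX out
```

Option A is the one-line fix most people reach for, but it is not stateful: any segment with the ACK bit set passes, so a host on the other LAN can still probe the local LAN with ACK scans or push data at an open socket it guesses correctly, and it does nothing for UDP. Option B tracks the actual five-tuple of each outbound session and is the better choice when the other LAN is not trusted; check the result with `show access-lists` (the reflexive entries appear under CHI-REFLECT while a session is open) and keep the `log` keyword on the final deny while tuning so that new drops show up as the `%SEC-6-IPACCESSLOGP` lines above.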