I have a router R0. R0's f0/0 connects to a server 10.1.1.2, and R0 also uses f0/0 as a GRE tunnel's source interface. This tunnel's destination is R3's f0/0, and one SMTP server 192.168.1.3 connects to router R3. The server 10.1.1.2 needs to connect to the server 192.168.1.3's TCP port 25, and I put an ACL on R0's f0/0:
ip access-group snmp in
ip access-list extended snmp
permit tcp host 10.1.1.2 host 192.168.1.3 eq 25
There is no other ACL between these 2 servers.
But the server 10.1.1.2 still cannot access server 192.168.1.3 using TCP port 25.
Since tunnel 0 also uses f0/0 as its source interface, I guess maybe I need to add one more line to ACL snmp:
permit tcp host 192.168.1.3 eq 25 host 10.1.1.2
Please help me with this issue. If my guess is wrong, what is the right solution?