CSS ACL question

wilson_1234_2
Level 3

I have the below ACL on our CSS.

A recent port scan from a vulnerability test showed the port for the app session was open.

Even though the ACL shows clause 55 at the bottom of the list, it should still be processed in sequence, correct?

Also, is the app session traffic UDP or TCP?

The remote-side app session source is 6.2.1.131.

circuit VLAN1
ip address 2.1.1.75 255.255.255.0

acl 10
clause 10 deny any any destination 224.0.0.0 255.255.255.0
clause 22 deny any any destination 192.168.0.0 255.255.0.0
clause 30 deny any any destination 172.16.0.0 255.255.0.0
clause 40 deny any any destination 127.0.0.0 255.0.0.0
clause 50 deny any any destination 10.0.0.0 255.0.0.0
clause 60 permit any 2.1.1.66 destination 2.1.1.75 255.255.255.255 eq 22
clause 100 deny any any destination 2.1.1.75 255.255.255.255 eq 21
clause 110 deny any any destination 2.1.1.75 255.255.255.255 eq 22
clause 120 deny any any destination 2.1.1.75 255.255.255.255 eq 23
clause 130 deny any any destination 2.1.1.75 255.255.255.255 eq 80
clause 254 permit any any destination any
clause 55 permit any 6.2.1.131 destination 2.1.1.75 255.255.255.255 eq 5001
apply circuit-(VLAN1)


Since it is clause 55, it will be processed before clause 254.

APP uses TCP port 5001 by default, but can be forced to UDP port 5002 with the "app-udp" command.

Syed Iftekhar Ahmed
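As an added illustration of the reply's point (example code written for this page, not from the thread or from Cisco): a small evaluator that parses the ACL exactly as posted, orders the clauses by number rather than by the order the listing shows them, and reports which clause a given flow hits first. It also shows which clause a packet from a source other than 6.2.1.131 to port 5001 matches. The protocol names, the bare-host shorthand and the "no-match" result for unmatched traffic are assumptions of this example.

```python
import ipaddress

# The ACL exactly as posted in the question, in the order the CSS listed it (55 last).
ACL_TEXT = """\
clause 10 deny any any destination 224.0.0.0 255.255.255.0
clause 22 deny any any destination 192.168.0.0 255.255.0.0
clause 30 deny any any destination 172.16.0.0 255.255.0.0
clause 40 deny any any destination 127.0.0.0 255.0.0.0
clause 50 deny any any destination 10.0.0.0 255.0.0.0
clause 60 permit any 2.1.1.66 destination 2.1.1.75 255.255.255.255 eq 22
clause 100 deny any any destination 2.1.1.75 255.255.255.255 eq 21
clause 110 deny any any destination 2.1.1.75 255.255.255.255 eq 22
clause 120 deny any any destination 2.1.1.75 255.255.255.255 eq 23
clause 130 deny any any destination 2.1.1.75 255.255.255.255 eq 80
clause 254 permit any any destination any
clause 55 permit any 6.2.1.131 destination 2.1.1.75 255.255.255.255 eq 5001
"""

def _addr(tokens):
    """Consume 'any', a bare host address, or 'ip mask'; None means every address."""
    if tokens[0] == "any":
        return None, tokens[1:]
    if len(tokens) > 1 and tokens[1].count(".") == 3:  # explicit subnet mask
        return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/32"), tokens[1:]  # bare host (assumed /32)

def parse_acl(text):
    """Return clauses as (num, action, proto, src, dst, dport), sorted by clause number."""
    clauses = []
    for line in text.splitlines():
        t = line.split()                       # clause N action proto src destination dst [eq port]
        src, rest = _addr(t[4:])
        dst, rest = _addr(rest[1:])            # rest[0] is the 'destination' keyword
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        clauses.append((int(t[1]), t[2], t[3], src, dst, dport))
    # The CSS evaluates by clause number, not by the order the listing happens to show.
    return sorted(clauses, key=lambda c: c[0])

def evaluate(clauses, src, dst, proto, dport):
    """First matching clause wins; returns (clause number, action)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, action, cproto, csrc, cdst, cport in clauses:
        if cproto in ("any", proto) and (csrc is None or s in csrc) \
                and (cdst is None or d in cdst) and cport in (None, dport):
            return num, action
    return None, "no-match"  # behaviour for unmatched traffic is not covered by the thread
```

Calling `evaluate(parse_acl(ACL_TEXT), "6.2.1.131", "2.1.1.75", "tcp", 5001)` returns clause 55, while the same port from any other source falls through to clause 254.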
