Access list direction control

bapatsubodh
Level 1

Hi,

We have two Unix servers:

Server A: 10.10.10.2/24

Server B: 192.168.1.2/24

connected to the router's Fa0/0 and Fa0/1 interfaces respectively.

We have configured following access list

access-list 101 deny 10.10.10.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet

access-list 101 permit ip any any

and applied as

(config)#interface fa0/0

(config-if)#ip access-group 101 in

This will deny telnet access initiated from 10.10.10.2 to server 192.168.1.2, as the source, destination and target port numbers are matching.

What will happen if a reverse telnet connection is initiated, that is, telnet is initiated by 192.168.1.2 to 10.10.10.2?

Will it be denied by our access list ?

The packet returning to 192.168.1.2 will match the IP addresses, but I think the target port will be different (not 23), so the connection should be established.

Please share.

Thanks in advance.

Subodh


Jon Marshall
Hall of Fame

Subodh

I think your access-list should read

access-list 101 deny tcp 10.10.10.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet (note the "tcp" keyword).

Anyway you are correct in what you say. The target port on the return traffic to 192.168.1.2 would not be 23 but a port number above 1024. So your access-list 101 would not block the traffic.

Jon
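The reasoning in the reply can be checked by evaluating the three packets involved against the ACL the way IOS does (first matching entry wins, implicit deny at the end, `eq` after the destination address tests the destination port). The following is an added worked example, not code from the thread or from Cisco: it parses the corrected ACL 101, applies it only to packets arriving inbound on Fa0/0, and shows that A's reply to a telnet session B opened carries source port 23 and an ephemeral destination port, so the deny entry never fires. The topology, the ephemeral port numbers and the `Packet`/`Ace` helpers are assumptions made for the example. It also goes one step beyond the thread: an entry with `eq telnet` placed after the source address matches that return traffic, which is the standard IOS way to express a source-port test.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Named ports accepted in place of a number ("eq telnet" in the thread).
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Ace:
    """One entry of an IOS extended numbered ACL (assumed model for this example)."""
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp" or "ip" (ip matches any protocol)
    src: str
    src_wild: str             # wildcard mask: 0 bits must match, 1 bits are ignored
    src_port: Optional[int]   # "eq" written after the SOURCE address
    dst: str
    dst_wild: str
    dst_port: Optional[int]   # "eq" written after the DESTINATION address

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if not wildcard_match(self.src, self.src_wild, pkt.src_ip):
            return False
        if not wildcard_match(self.dst, self.dst_wild, pkt.dst_ip):
            return False
        if self.src_port is not None and pkt.src_port != self.src_port:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True


def wildcard_match(addr: str, wildcard: str, pkt_ip: str) -> bool:
    """IOS wildcard semantics: compare only the bits where the wildcard is 0."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(pkt_ip)) & care)


def _parse_addr(tok, i):
    """Consume 'any', 'host A' or 'A WILDCARD' at tok[i]; return (addr, wildcard, next index)."""
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    return tok[i], tok[i + 1], i + 2


def _parse_port(tok, i):
    """Consume an optional 'eq PORT' at tok[i]; return (port or None, next index)."""
    if i < len(tok) and tok[i] == "eq":
        p = tok[i + 1]
        return (PORT_NAMES[p] if p in PORT_NAMES else int(p)), i + 2
    return None, i


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N {permit|deny} PROTO SRC [eq P] DST [eq P]'."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    action, proto = tok[2], tok[3]
    src, src_wild, i = _parse_addr(tok, 4)
    src_port, i = _parse_port(tok, i)
    dst, dst_wild, i = _parse_addr(tok, i)
    dst_port, i = _parse_port(tok, i)
    return Ace(action, proto, src, src_wild, src_port, dst, dst_wild, dst_port)


def evaluate(acl, pkt: Packet) -> str:
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


# ACL 101 from the thread, with the "tcp" keyword the reply points out is needed.
ACL_101 = [parse_ace(l) for l in (
    "access-list 101 deny tcp 10.10.10.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet",
    "access-list 101 permit ip any any",
)]

# Beyond the thread: "eq telnet" after the SOURCE address tests the source port,
# so this entry matches A's replies (source port 23) to a session B opened.
ACL_101_BOTH_WAYS = [parse_ace(
    "access-list 101 deny tcp host 10.10.10.2 eq telnet host 192.168.1.2")] + ACL_101

# Constructed topology from the question: Fa0/0 faces 10.10.10.0/24 (server A),
# Fa0/1 faces 192.168.1.0/24 (server B); only Fa0/0 has an inbound ACL.
ACL_BY_INBOUND_INTERFACE = {"Fa0/0": ACL_101}


def inbound_interface(pkt: Packet) -> str:
    if ipaddress.IPv4Address(pkt.src_ip) in ipaddress.IPv4Network("10.10.10.0/24"):
        return "Fa0/0"
    return "Fa0/1"


def router_verdict(pkt: Packet, acl_by_intf=ACL_BY_INBOUND_INTERFACE) -> str:
    """Apply whichever inbound ACL exists on the interface the packet arrives on."""
    acl = acl_by_intf.get(inbound_interface(pkt))
    return "permit" if acl is None else evaluate(acl, pkt)


# Constructed packets; the ephemeral ports 40001 and 50123 are arbitrary.
A_TO_B_SYN = Packet("10.10.10.2", "192.168.1.2", 40001, 23)     # A opens telnet to B
B_TO_A_SYN = Packet("192.168.1.2", "10.10.10.2", 50123, 23)     # B opens telnet to A
A_REPLY_TO_B = Packet("10.10.10.2", "192.168.1.2", 23, 50123)   # A answers B's session

if __name__ == "__main__":
    for name, pkt in [("A->B SYN", A_TO_B_SYN), ("B->A SYN", B_TO_A_SYN), ("A reply", A_REPLY_TO_B)]:
        print(f"{name:9s} in {inbound_interface(pkt)} -> {router_verdict(pkt)}")
```

Run as a script it prints the verdict per packet: A's own telnet attempt is denied on Fa0/0, B's SYN arrives on Fa0/1 where no ACL is applied, and A's reply is permitted on Fa0/0 because its destination port is B's ephemeral port rather than 23, exactly as the reply states. Swapping in `ACL_101_BOTH_WAYS` for Fa0/0 denies that reply and therefore breaks the reverse session too.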
