Access list direction control

Hi,

We have two Unix servers:

Server A: 10.10.10.2/24

Server B: 192.168.1.2/24

connected to the router's Fa0/0 and Fa0/1 interfaces respectively.

We have configured the following access list:

access-list 101 deny 10.10.10.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet

permit any any

and applied it as follows:

#int fa0/0

(config-if)#ip access-group 101 in

This will deny telnet access initiated from 10.10.10.2 to server 192.168.1.2, as the source, destination and target port numbers all match.

What will happen if a reverse telnet connection is initiated, that is, telnet initiated by 192.168.1.2 to 10.10.10.2?

Will it be denied by our access list?

As the packet returning to 192.168.1.2 will match the IP addresses, but I think the target port will be different (not 23), the connection should be established.

Please share.

Thanks in advance.

Subodh


Re: Access list direction control

Subodh

I think your access-list should read

access-list 101 deny tcp 10.10.10.2 0.0.0.0 192.168.1.2 0.0.0.0 eq telnet (note the "tcp" keyword).

Anyway, you are correct in what you say. The target port on the return traffic to 192.168.1.2 would not be 23 but a port number above 1024. So your access-list 101 would not block the traffic.

Jon
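As an added illustration that is not part of the original thread, the following Python model of IOS extended-ACL matching (wildcard masks, first match wins, implicit deny at the end, `eq` applied to the destination port) evaluates the two packets server A sends into Fa0/0, the only point where ACL 101 is applied. The ACL uses the corrected `tcp` form from the reply; the ephemeral ports are constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TELNET = 23

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int

@dataclass
class Entry:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "ip" (ip matches any protocol)
    src: str               # "addr wildcard" or "any"
    dst: str
    dport: Optional[int] = None   # 'eq <port>' on the destination, if given

def addr_matches(spec: str, addr: str) -> bool:
    """IOS wildcard mask: a 0 bit must match exactly, a 1 bit is 'don't care'."""
    if spec == "any":
        return True
    base, wildcard = spec.split()
    wc = int(ipaddress.ip_address(wildcard))
    return (int(ipaddress.ip_address(addr)) | wc) == (int(ipaddress.ip_address(base)) | wc)

def evaluate(acl, pkt: Packet) -> str:
    """First matching entry wins; no match falls through to the implicit deny."""
    for e in acl:
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if not addr_matches(e.src, pkt.src) or not addr_matches(e.dst, pkt.dst):
            continue
        if e.dport is not None and pkt.dport != e.dport:
            continue
        return e.action
    return "deny"

ACL_101 = [
    Entry("deny", "tcp", "10.10.10.2 0.0.0.0", "192.168.1.2 0.0.0.0", dport=TELNET),
    Entry("permit", "ip", "any", "any"),
]

# Constructed packets entering Fa0/0 from server A. Ephemeral ports are made up.
A_TO_B_SYN = Packet("tcp", "10.10.10.2", "192.168.1.2", 34567, TELNET)    # A telnets to B
A_REPLY_TO_B = Packet("tcp", "10.10.10.2", "192.168.1.2", TELNET, 45678)  # A answers B's telnet

if __name__ == "__main__":
    print(evaluate(ACL_101, A_TO_B_SYN))    # deny
    print(evaluate(ACL_101, A_REPLY_TO_B))  # permit
```

The reply traffic from A to B's telnet session carries B's ephemeral port as its destination, so the `eq telnet` entry never matches it and the `permit ip any any` entry lets it through.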
