The above implies that the destination port in the UDP packet is tftp (69).
> access-list 100 permit udp any eq tftp any
The above command implies that the source port in the UDP packet is tftp (69).
These two commands do different things. Depending on which direction (inbound or outbound) the access-list is applied on the interface, they will either allow the originating TFTP packets, or they'll allow the response TFTP packets.
means the source port of the packet is tftp. By putting the "eq tftp" at the end of the line you're indicating this is the destination port in the packet. You can specify either or both or neither if you like; it depends on whether the packet you want to inspect is the initiator or the responder.
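The position rule discussed above, as an added example that is not part of the original posts: a small matcher that parses an extended ACL entry and evaluates it against packets. The `DST_EQ` line, the addresses and the client port 51000 are constructed for illustration; only `any` and `host` address forms are handled.

```python
PORT_NAMES = {"tftp": 69}  # IOS keyword -> UDP port; other ports given numerically

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC [eq P] DST [eq P]' (any / host X only)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list":
        raise ValueError("not an extended ACL entry: " + line)
    ace, i = {"action": tok[2], "proto": tok[3]}, 4
    for side in ("src", "dst"):
        if i >= len(tok):
            raise ValueError("missing %s address in: %s" % (side, line))
        if tok[i] == "any":
            ace[side], i = None, i + 1
        elif tok[i] == "host" and i + 1 < len(tok):
            ace[side], i = tok[i + 1], i + 2
        else:
            raise ValueError("only 'any' and 'host A.B.C.D' are handled here")
        ace[side + "_port"] = None
        # An 'eq' right after an address binds to THAT address: source or destination.
        if i + 1 < len(tok) and tok[i] == "eq":
            name = tok[i + 1]
            ace[side + "_port"] = PORT_NAMES.get(name) or int(name)
            i += 2
    return ace

def matches(ace, pkt):
    """True when every field the entry constrains equals the packet's field."""
    return (ace["proto"] == pkt["proto"]
            and ace["src"] in (None, pkt["src"])
            and ace["dst"] in (None, pkt["dst"])
            and ace["src_port"] in (None, pkt["sport"])
            and ace["dst_port"] in (None, pkt["dport"]))

def evaluate(acl_lines, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if matches(ace, pkt):
            return ace["action"]
    return "deny"

SRC_EQ = "access-list 100 permit udp any eq tftp any"  # from the thread: source port 69
DST_EQ = "access-list 100 permit udp any any eq tftp"  # constructed: destination port 69
# Constructed packets: a client request to port 69, and a packet sourced from port 69.
REQUEST = {"proto": "udp", "src": "192.0.2.10", "dst": "198.51.100.5", "sport": 51000, "dport": 69}
FROM_69 = {"proto": "udp", "src": "198.51.100.5", "dst": "192.0.2.10", "sport": 69, "dport": 51000}
```

When validating such a rule against real traffic, note that under RFC 1350 a TFTP server sends its data replies from a port it chooses for the transfer, so the source-port entry only matches packets actually sourced from port 69.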