Cisco Support Community

al
New Member

having problems with access-list

Cut these items from a PIX that I'm working on. I can't decipher what they are.

access-list acl_in permit 23 host xxx.253.5.3 host 10.10.1.10

access-list acl_in permit 23 host xxx.253.5.3 host xxx.253.5.4

.

.

access-list acl_in permit ip any any

First, what is protocol 23?

Second, doesn't the last statement allow the protocol from any net to any net, making the first two lines redundant? (I'm guessing that the last line was supposed to say deny.)

2 REPLIES
New Member

Re: having problems with access-list

The last statement will override the first two: if neither of the first two matches, the last one will.

By default the PIX denies everything, so you don't need "deny ip any any" as the last directive.

"permit ip any any" is turning your firewall into an Ethernet patch cord =)

And IP as the protocol implies all the others.

If you want to get a list of protocol numbers, go to

http://www.iana.org/assignments/protocol-numbers

regards

al
New Member

Re: having problems with access-list

I had looked at the protocol table before and here's what it says about 23....

23 TRUNK-1 Trunk-1 [BWB6]

Which really doesn't tell me much. Someone else suggested that perhaps they were really trying to allow telnet access from the router into the PIX which would make sense...

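The two replies make two separate points: the first that a PIX walks an access-list top-down and stops at the first match (so a trailing "permit ip any any" swallows everything and the implicit deny never fires), the second that "23" in the protocol position is IP protocol 23 (TRUNK-1), not TCP port 23, so the lines as written probably never matched the telnet traffic someone meant to allow. The following is an added example (not code from the thread or from Cisco) that models that first-match evaluation in a few dozen lines and runs both the access-list as found and a corrected version ("permit tcp host A host B eq telnet", which is valid PIX syntax) over constructed packets. The addresses 192.0.2.3 and 192.0.2.4 are constructed stand-ins for the redacted xxx.253.5.3 and xxx.253.5.4; 10.10.1.10 is from the post. The evaluator itself is a teaching model of the semantics, not PIX code.

```python
"""First-match evaluation of a PIX-style access-list (added example).

Models the two points from the thread: entries are tried top-down and the
first match wins, with an implicit deny at the end; and the protocol field
holds an IP protocol number or name, so "23" means TRUNK-1, not TCP/23.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# From the IANA protocol-numbers table the thread links to (subset only).
PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17, "trunk-1": 23}
# Well-known TCP port names the "eq" keyword accepts on a PIX.
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80}


@dataclass(frozen=True)
class Packet:
    proto: int                 # IP protocol number from the IP header
    src: str
    dst: str
    dport: Optional[int] = None  # TCP/UDP destination port, if any


@dataclass(frozen=True)
class Ace:
    """One entry: permit|deny PROTO host A|any host B|any [eq PORT]."""
    action: str
    proto: str                 # "ip", a name like "tcp", or a bare number as text
    src: str                   # "any" or a host address
    dst: str
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip":  # "ip" matches every IP protocol
            want = PROTO_NUMBERS.get(self.proto)
            if want is None:
                want = int(self.proto)  # bare number such as "23"
            if pkt.proto != want:
                return False
        if self.src != "any" and self.src != pkt.src:
            return False
        if self.dst != "any" and self.dst != pkt.dst:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def parse_ace(line: str) -> Ace:
    """Parse 'access-list NAME permit|deny PROTO <src> <dst> [eq PORT]'."""
    tok = line.split()
    assert tok[0] == "access-list", line
    action, proto = tok[2], tok[3]
    i = 4

    def endpoint() -> str:
        nonlocal i
        if tok[i] == "any":
            i += 1
            return "any"
        assert tok[i] == "host", line
        i += 2
        return tok[i - 1]

    src = endpoint()
    dst = endpoint()
    dport = None
    if i < len(tok) and tok[i] == "eq":
        port = tok[i + 1]
        dport = int(port) if port.isdigit() else PORT_NAMES[port]
    return Ace(action, proto, src, dst, dport)


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index) of the first matching entry.

    No match means the implicit deny at the end of every PIX access-list,
    reported here as ("deny", None)."""
    for idx, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, idx
    return "deny", None


# Constructed stand-ins: 192.0.2.x replaces the redacted xxx.253.5.x.
ROUTER, INSIDE_HOST, NEXT_HOP = "192.0.2.3", "10.10.1.10", "192.0.2.4"

ACL_AS_FOUND = [parse_ace(l) for l in (
    f"access-list acl_in permit 23 host {ROUTER} host {INSIDE_HOST}",
    f"access-list acl_in permit 23 host {ROUTER} host {NEXT_HOP}",
    "access-list acl_in permit ip any any",
)]
# What the thread's second reply guesses was intended: telnet from the router.
ACL_FIXED = [parse_ace(l) for l in (
    f"access-list acl_in permit tcp host {ROUTER} host {INSIDE_HOST} eq telnet",
    f"access-list acl_in permit tcp host {ROUTER} host {NEXT_HOP} eq telnet",
)]

# Constructed test packets.
TELNET_FROM_ROUTER = Packet(proto=6, src=ROUTER, dst=INSIDE_HOST, dport=23)
TELNET_FROM_ELSEWHERE = Packet(proto=6, src="198.51.100.9", dst=INSIDE_HOST, dport=23)
TRUNK1_FROM_ROUTER = Packet(proto=23, src=ROUTER, dst=INSIDE_HOST)

if __name__ == "__main__":
    for name, acl in (("as found", ACL_AS_FOUND), ("fixed", ACL_FIXED)):
        for pkt in (TELNET_FROM_ROUTER, TELNET_FROM_ELSEWHERE, TRUNK1_FROM_ROUTER):
            print(name, pkt, "->", evaluate(acl, pkt))
```

Running it shows the two problems side by side: with the list as found, router telnet is permitted only by the catch-all at index 2 (the "permit 23" lines never match TCP), and so is telnet from an arbitrary outside host, which is the "Ethernet patch cord" the first reply warns about. With the corrected list, router telnet hits the first entry, and both the outside telnet and the actual protocol-23 packet fall through to the implicit deny.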