Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1134
Views
0
Helpful
1
Replies

simple question

jonl711
Level 1
Level 1

‎08-12-2013 10:41 PM - edited ‎02-21-2020 04:57 AM

What is the difference in the following:

access-list 100 permit tcp any any a.b.c.d 0.0.0.255 w.x.y.z 0.0.0.255 eg 22

access-list 100 permit tcp a.b.c.d 0.0.0.255 w.x.y.z 0.0.0.255

My question is:

does the 1st one allows only ssh traffic?

does the 2nd one allow all traffic?

can the 1st one be written as

access-list 100 permit tcp a.b.c.d 0.0.0.255 w.x.y.z 0.0.0.255 eg 22

0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎08-12-2013 11:43 PM

You fist line has a wrong syntax. It *has* to be written

access-list 100 permit tcp a.b.c.d 0.0.0.255 w.x.y.z 0.0.0.255 eg 22

Just think about what an ACE expects at which place. And with the given mask, "d" and "z" have to be "0".

After that correction, your assumptions are nearly right. The first line allows SSH betweeen the two given subnets (or whatever runs on TCP/22 on the destination machine) while the second allows all TCP-Traffic, but nothing else (ICMP/UDP/GRE ...).

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card