03-25-2007 06:46 PM - edited 03-03-2019 04:17 PM
Hi expert,
With the attached diagram, if I want the access list to permit an SSH session initiated from the PC to 192.168.1.2, which access list is right?
1) access-list 101 permit tcp any eq 22 host 192.168.1.2
2) access-list 101 permit tcp any 192.168.1.2 eq 22
03-25-2007 10:39 PM
2
03-25-2007 10:55 PM
You're close with access-list # 2 above, but it needs to be:
access-list 101 permit tcp any host 192.168.1.2 eq 22
- bec
03-25-2007 11:14 PM
I see, how about the #1 access-list?
It just means any host can make a session with the destination port, which is TCP port 22, to host 192.168.1.2. Is it also right?
03-25-2007 11:33 PM
With SSH, the client binds to a "random" TCP high port, which you cannot predict. So your ACL #1 above would not match at all, as you're specifying that the clients are bound to 22/tcp.
It is the _server_ that is bound to 22/tcp, which is what you match on, thus #2.
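The source-port versus destination-port point above, as an added example that is not part of the original thread: a simplified Python model of extended ACL matching (only `any`, `host`, address plus wildcard, and `eq` are handled) run against a constructed SSH client packet. The PC address 10.0.0.5 and source port 51514 are assumptions, since the diagram is not on the page.

```python
import ipaddress

def _addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' -> (base, wildcard)."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    # Bare address: the next token must be a wildcard mask, else ValueError.
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tok.pop(0)))

def _port(tok):
    """Consume an optional 'eq N' qualifier; None means any port."""
    if tok[:1] == ["eq"]:
        tok.pop(0)
        return int(tok.pop(0))
    return None

def parse_ace(line):
    """Parse 'access-list N permit|deny proto src [eq p] dst [eq p]'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list":
        raise ValueError("not an extended access-list entry")
    ace = {"action": tok[2], "proto": tok[3]}
    rest = tok[4:]
    ace["src"], ace["sport"] = _addr(rest), _port(rest)
    ace["dst"], ace["dport"] = _addr(rest), _port(rest)
    if rest:
        raise ValueError("unexpected tokens: " + " ".join(rest))
    return ace

def matches(ace, proto, src_ip, sport, dst_ip, dport):
    """True if the packet's 5-tuple matches the entry."""
    def ip_ok(spec, ip):
        base, wild = spec
        return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)
    def port_ok(want, got):
        return want is None or want == got
    return (ace["proto"] == proto and ip_ok(ace["src"], src_ip)
            and port_ok(ace["sport"], sport) and ip_ok(ace["dst"], dst_ip)
            and port_ok(ace["dport"], dport))

# Constructed packet: PC 10.0.0.5 (assumed address), ephemeral source port 51514.
SSH_SYN = ("tcp", "10.0.0.5", 51514, "192.168.1.2", 22)
ACL_1 = parse_ace("access-list 101 permit tcp any eq 22 host 192.168.1.2")
ACL_FIXED = parse_ace("access-list 101 permit tcp any host 192.168.1.2 eq 22")

if __name__ == "__main__":
    print("#1 matches client SYN:   ", matches(ACL_1, *SSH_SYN))
    print("fixed matches client SYN:", matches(ACL_FIXED, *SSH_SYN))
```

In this model, entry #1 matches only packets whose source port is 22, and the original wording of #2 is rejected by the parser because the bare address is not followed by a wildcard mask.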
03-25-2007 11:44 PM
Then is this pattern correct?
Access-list 101 permit tcp/udp [source IP address][source IP address's destination port][destination IP address][destination IP's destination port]