Cisco Support Community
allow telnet from host generating random ports

hi guys,

I am creating an access-list to allow 192.168.40.25 to access the 10.0.0.0 network and vice versa on ports 21, 22 and 23.

I have the ACL applied on the router, and 192.168.40.25 (host) can access any device on the 10.0.0.0 network successfully, but no one from 10.0.0.0 can access 192.168.40.25.

I think the problem is the randomly generated port numbers on any client machines on the 10.0.0.0 network.

How can I allow a telnet session to be established between any device from the 10.0.0.0 network and my host 192.168.40.25?

The following are my ACLs:

--------------------------

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq telnet

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq ftp

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq ftp-data

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq 22

Thanks a lot :)

  • WAN Routing and Switching

Re: allow telnet from host generating random ports

Your ACL is unidirectional. As I see it, you only allow from 192.168.40.25 to 10.0.0.0/8.

You should write some ACLs for the reverse traffic as well: 10.0.0.0/8 to 192.168.40.25.

Re: allow telnet from host generating random ports

Hi Aun,

This is your access-list:

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq telnet

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq ftp

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq ftp-data

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq 22

This is the additional ACL needed to allow telnet access between any device from 10.0.0.0 network and host 192.168.40.25:

access-list 110 permit tcp 10.0.0.0 0.255.255.255 host 192.168.40.25 eq telnet

interface Fa0/0

ip access-group 105 out

ip access-group 110 in

Directions "in" or "out" depend on where your Fa0/0 interface is located in relation to the two traffic types.

Cheers,

Istvan
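To see why both replies treat this as a direction problem rather than a port problem, here is an added example (not from the thread, and not Cisco's code): a small Python evaluator for the thread's own ACL lines. It models IOS first-match semantics with the implicit deny at the end of every list, and shows that `eq telnet` checks only the destination port, so the client's random source port never enters into the decision.

```python
import ipaddress

# Constructed sample: the four ACL 105 lines from the question plus the
# ACL 110 line from the reply, exactly as they appear in the thread.
ACL_TEXT = """
access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq telnet
access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq ftp
access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq ftp-data
access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq 22
access-list 110 permit tcp 10.0.0.0 0.255.255.255 host 192.168.40.25 eq telnet
"""
PORT_NAMES = {"telnet": 23, "ftp": 21, "ftp-data": 20}

def _addr(tokens):
    """Consume one IOS address spec: 'host A', 'any', or 'A WILDCARD'."""
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    return (int(ipaddress.IPv4Address(tokens[0])),
            int(ipaddress.IPv4Address(tokens[1]))), tokens[2:]

def parse_acls(text):
    """Return {acl_number: [(action, src, dst, dport)]}; dport None = any."""
    acls = {}
    for line in text.strip().splitlines():
        t = line.split()
        num, action, proto = int(t[1]), t[2], t[3]
        assert proto == "tcp", "only tcp entries are modelled here"
        src, rest = _addr(t[4:])
        dst, rest = _addr(rest)
        dport = None
        if rest and rest[0] == "eq":          # 'eq' after dst = destination port
            dport = PORT_NAMES.get(rest[1]) or int(rest[1])
        acls.setdefault(num, []).append((action, src, dst, dport))
    return acls

def _match(spec, ip):
    """Wildcard-mask compare: set bits in the wildcard are 'don't care'."""
    base, wild = spec
    mask = 0xFFFFFFFF ^ wild
    return (int(ipaddress.IPv4Address(ip)) & mask) == (base & mask)

def evaluate(acls, num, src_ip, src_port, dst_ip, dst_port):
    """First matching entry wins; an unmatched packet hits the implicit deny.
    src_port is accepted only to make the point that it is never inspected."""
    for action, src, dst, dport in acls[num]:
        if _match(src, src_ip) and _match(dst, dst_ip) and dport in (None, dst_port):
            return action
    return "deny"
```

The reply packets of each session (source port 23, ephemeral destination port) match neither list, so wherever the reverse-direction ACL also sees them, an entry matching on the source port (for example with the IOS `established` keyword, which the thread does not cover) is needed as well.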