allow telnet from host generating random ports

Aun Iqbal · ‎08-03-2009

hi guys,

I am creating access-list to allow 192.168.40.25 to access 10.0.0.0 network and vice versa on port 21, 22 and 23

I got ACL applied on the router and 192.168.40.25 (host) can access any device on 10.0.0.0 network successfully, but no one from 10.0.0.0 can access 192.168.40.25

I think the problem is the random generating port numbers on on any client machines on 10.0.0.0 network

how can I allow telnet session to be established between any device from 10.0.0.0 network and my host 192.168.40.25?

The following are my ACLs:

--------------------------

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq telnet

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq ftp

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq ftp-data

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq 22

Thanks alot :)

c.captari · ‎08-03-2009

Your ACL is unidirectional. As i see you only allow from 192.168.40.25 to 10.0.0.0/8

you should write in some acl's for the reverse traffic as well. 10.0.0.0/8 to 192.168.40.25

Istvan_Rabai · ‎08-03-2009

Hi Aun,

This is your access-list:

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq telnet

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq ftp

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq ftp-data

access-list 105 permit tcp host 192.168.40.25 10.0.0.0 0.255.255.255 eq 22

This is the additional ACL needed to allow telnet access between any device from 10.0.0.0 network and host 192.168.40.25:

access-list 110 permit tcp 10.0.0.0 0.255.255.255 host 192.168.40.25 eq telnet

interface Fa0/0

ip access-group 105 out

ip access-group 110 in

Directions "in" or "out" depend on where your Fa0/0 interface is located in relation to the two traffic types.

Cheers:

Istvan